WSX 1.1 beta is released, with bookmarkable VMs!


I’ve been pretty quiet on the WSX front since the release of WSX 1.0. A lot of work has been put into taking this from a prototype to something more solid, more functional.

Yesterday, we released a beta of WSX 1.1, which takes a big step in that direction, improving the reliability and access to your VMs, with a couple new features. Let’s go through them!


Bookmarkable VMs

To get to your favorite VM before, you’d have to connect to WSX and navigate to it every time, which was.. kind of a pain. No more, I say! Each VM now has its own URL, and that URL is bookmarkable. Place a bookmark in your browser’s toolbar for quick access, or bookmark to the home screen on your iPad.

Sure, you’ll have to log in if it’s been a while, but you won’t have to navigate all the way to your VM every time. As for the annoyance of constantly logging in to your servers…


Persistent Server Connections

Every new tab or reload disconnected all your server sessions before, due to how we mapped a browser’s connection to a server’s connection. That’s been made a lot smarter in 1.1. Now, once you connect, you can open as many other tabs/windows to WSX as you want and they’ll share your server sessions. You can even close all your tabs, and so long as you open WSX again within 5 minutes, you won’t have to log in again.

That means you can log in to a server and open each VM you want to work with in their own tabs without logging in more than once. Cool, right? Really handy for bookmarkable VMs.


Other Enhancements

Those were the two big features, but there were lots of other enhancements and fixes. In general:

  • New icon!
  • Various cursor and key fixes for Internet Explorer
  • Faster graphics performance
  • Key repeat now works
  • Caps Lock improvements


Get it while it’s hot!

Weird bugs: Django, timezones, and importing from eggs

Every so often you hit a bug that makes you question your sanity. The past several days have been spent chasing one of the more confusing ones I’ve seen in a long time.

Review Board 1.7 added the ability to set the server-wide timezone. During development, we found problems using SSH with a non-default timezone. This only happened when updating os.environ[‘TZ’] to something other than our default of UTC. We’d see the SSH process (rbssh, our wrapper for SSH communication) break due to an EOF on stdin and stdout, and then we’d see the development server reload itself.


Since this originated with a Subversion repository, I first suspected libsvn. I spent some time going through their code to see if a timezone update would break something. Perhaps timeout logic. That didn’t turn up anything interesting, but I couldn’t rule it out.

Other candidates for suspicion were rbssh itself, paramiko (the SSH library), Django, and the trickster god Loki. We just had too many moving pieces to know for sure.

So I wrote a little script to get in-between a calling process and another process and log all communication between them. I tested this with rbssh and with plain ol’ ssh. rbssh was the only one that broke. Strange, since it wasn’t doing anything obviously wrong, and it worked with the default timezone. Unless it was Paramiko somehow…

For the heck of it, I tried copying some of rbssh’s imports into this new script. Ah-ha! It dropped its streams when importing Paramiko, same as rbssh. Interesting. Time to dig into that code.

The base paramiko module imports a couple dozen other modules, so I started by narrowing it down and reducing imports until I found the common one that breaks things. Well that turned out to be a module that imported Crypto.Random. Replacing the paramiko import in my wrapper with Crypto.Random verified that that was the culprit.

Getting closer…

I rinsed and repeated with Crypto.Random, digging through the code and seeing what could have broken. Hmm, that code’s pretty straight-forward, but there are some native libraries in there. Well, all this is in a .egg file (not an extracted .egg directory), making it hard to look through, so I extracted it and replaced it with a .egg directory.

Woah! The problem went away!

I glance at the clock. 3AM. I’m not sure I can trust what I’m seeing anymore. Crypto.Random breaks rbssh, but only when installed as a .egg file and not a .egg directory. That made no sense, but I figured I’d deal with it in the morning.

My dreams that night were filled with people wearing “stdin” and “stdout” labels on their foreheads, not at all getting along.

Today, I considered just ripping out timezone support. I didn’t know what else to do. Though, since I’m apparently a bit of a masochist, I decided to look into this just a little bit more. And finally struck gold.

With my Django development server running, I opened up a separate, plain Python shell. In it, I typed “import Crypto.Random”. And suddenly saw my development server reload.

How could that happen, I wondered. I tried it again. Same result. And then… lightbulb!

Django reloads the dev server when modules change. Crypto is a self-contained .egg file with native files that must be extracted and added to the module path. Causing Django to reload. Causing it to drop the spawned rbssh process. Causing the streams to disconnect. Ah-ha. This had to be it.

One last piece of the puzzle. The timezone change.

I quickly located their autoreload code and pulled it up. Yep, it’s comparing modified timestamps. We have two processes with two different ideas of what the current timezone is (one UTC, one US/Pacific, in my case), meaning when rbssh launched and imported Crypto, we’d get a bunch of files extracted with US/Pacific-based timestamps and not UTC, triggering the autoreload.

Now that the world makes sense again, I can finally fix the problem!

All told, that was about 4 or 5 days of debugging. Certainly not the longest debugging session I’ve had, but easily one of the more confusing ones in a while. Yet in the end, it’s almost obvious.

VMware WSX 1.0.1, and the new Community Page

Last month, we released WSX 1.0. Those following along with the beta knew what to expect, as it was largely our latest Tech Preview release with some more fixes thrown in.

Unfortunately, we also threw in a regression that we’ve since been working to fix. The console would, at times, stop displaying anything, just appearing black. Clicking the little Refresh button would fix it, but it was annoying and, to me personally, quite embarrassing.

Today I’m happy to announce that we’ve released WSX 1.0.1, which has fixes for the black screen issue, and also support for Windows domains in usernames (indicated by “MYDOMAIN\username”) when logging in.

Along with the release, we’ve also introduced the new WSX Community Page, where you’ll be able to find the latest releases, documentation, and discussions on WSX. I’ll be on there, as will some of our QA, to answer questions.

VMware WSX July Tech Preview Release

A month ago, I announced the release of the June VMware WSX Tech Preview. In it, I covered our awesome new Retina support for MacOS X and iPad, voice input, Windows support, and more. We had some great feedback and worked to address some of the key issues, while putting in a few new things.

Today I’d like to announce the WSX July Tech Preview, which is chock full of improvements. Let’s go over them, shall we?

Improved Home Page

The Home page on WSX was a bit.. barren. Completely blank and useless, in fact, but no more. Now the Home page serves as a jumping point to get to your servers and to configure your server list. This replaces the Configuration page. In the future, I’d like to further improve this by giving quick access to your most recently used VMs.

Improved Server Page

The Server Page was a jumbled mess of links to VMs. Now it’s a nice, filterable, alphabetical list. Search for your VMs by typing part of their name, or filter them by power state. It’s much easier now to find what you need. Oh, and the VM icons now show the power state as well!

Big Honkin’ Power Button

Much like VMware Player and Fusion, we now show a Power On button on top of the screen when the VM is powered off or suspended. This gives you both a nice visual showing what state your VM is in, and a big, easy to hit target for powering it on. Particularly great for touchscreens.

Better Touch Input

Working with your VMs on an iPad is now much, much nicer. We map a bunch of gestures to mouse events, giving you support for right-click, middle-click, and scrolling.

To right-click, just tap-and-hold part of the screen. Or you can press with one finger and tap with a second. Pressing instead of tapping with the second finger is equivalent to holding down the right mouse button, letting you drag around the screen. The actual click will take place where you pressed the first finger.

Just add a third finger to the mix to work with the middle button. That is, press with one finger and then tap (or press) with two more fingers.

Drag up or down with two fingers to scroll. This works just like the mouse wheel.

Mouse Wheels

If you’re using WSX from a PC or Mac, your mouse wheel should now work! Scroll to your heart’s content.

(Note: Mouse wheels events work a bit differently across different browsers, so depending on which browser you use, the sensitivity may be off. It works pretty well in Chrome and Firefox.)

Better Retina Support

Retina was cool and all, but reconnecting to a VM would put that VM back in non-Retina mode, moving all your windows and icons around. No more! Now if your VM was in Retina mode before, it should be in Retina mode when you connect next.

You can pretty easily live in Windows 7 with high-DPI set in Retina mode on an iPad 3 now.

There’s also new Retina icons on the action bar below the screen.


WSX can now (optionally) encrypt all the traffic between the WSX server and your computer or mobile device. You only need to generate or purchase an SSL certificate, name the files wsx.crt and wsx.key and place them in your /etc/vmware/wsx/ssl/ directory (on Linux) or Application Data\VMware\VMware WSX\SSL directory (on Windows).

Why isn’t this the default, you may wonder? Of course we’d love to just generate self-signed certs by default and encrypt everything, but it turns out there are some browser compatibility issues with self-signed certs and WebSockets, which we use for all our communication. iOS, in particular, is currently broken in that regard.

There are many places on the web where you can get free or cheap certificates that should work fine for you. We highly recommend installing an SSL certificate to enable HTTPS for WSX. Another option is to require access to WSX through a secure VPN.

Easier Installation

Some Windows and Linux users hit problems with our installation in the previous release.

A few Windows users had a crash at startup. This was due to a naming conflict causing an early failure, which we’ve fixed.

Linux was a bit more of a complicated story. We required a specific version of Python on the system, and while not an uncommon version, it proved to be too hard to get going on many systems. This is no longer a requirement! You don’t even need Python installed. We run completely independently now.

So give it another try!

Smarter Defaults

New installs would come with a “Shared VMs” server pre-configured. The intent was to make it easy to get to your Workstation Shared VMs. Some people, though, had changed the port for their Shared VMs, which confused WSX and caused some problems. We’ve improved the smarts to only add this server if it’s installed on the same system as Workstation, and to grab the port from that configuration.

Performance Tweaks

  • Connecting to the VM should be a bit faster now.
  • Resizing the browser window no longer causes the VM to take forever to update its resolution. We were spamming it with resolution change requests.

Bug Fixes

  • Fixed a crash when accessing some Linux VMs that had Tools but didn’t support switching resolutions.
  • Fixed the styling of some parts of the UI on some browsers. The Log In page, in particular, looked pretty broken on the iPad.

Known Problems

  • Connecting to vSphere will still only show VMs in the root VM folder, and not in subdirectories or datacenters. Work is still needed here.


As always, please let us know if you hit any problems or have any questions!

VMware WSX TP2: Faster, Shinier, and Less Broken

A few months back, I introduced VMware WSX, a new product I’ve been developing at VMware to access virtual machines in any modern web browser without plugins. The response blew me away. News spread to Ars Technica, Engadget, Windows IT Pro, InfoWorld, and many other publications and sites.

I’m happy to announce that we’ve released another build today: WSX Tech Preview 2. You can get it on the Workstation Technology Preview 2012 forum. Just click “Downloads” and download either the Windows or Linux installers.

Like the first Tech Preview, this is a prototype of what’s to come. I’m actively working on a rewrite that will prove much more reliable, with better compatibility and room for future growth. We have a pretty good release, here, though, and I’d like to break down what all has changed.

Windows Installer

The first preview of WSX was only for Linux. I work primarily on Linux, and as such, this was my priority. While we weren’t able to get a proper Windows build ready for TP1, we now have it for TP2. So Windows users, if that’s been holding you back, give it a try now!

Better Performance

We’ve optimized the rendering to the screen. This should result in faster updates, making things much smoother, particularly on iOS. We’ve added some mobile (and specifically iOS) rendering improvements, and they really help. As we continue to evolve WSX, expect the experience on mobile to only get better.

Retina on iOS

When you go to WSX on an iOS device, you’ll see some changes. First of all, the icons will be more crisp and Retina-friendly. Second, there’s a new “Retina” button for switching the  VM into retina mode. I blogged about this a while back, and it’s finally ready to be played with. (Note: There are some occasional rendering bugs to work out.)

But wait! MacBook Pros have Retina displays too!

Speech-to-Text on iOS

You know that little microphone button on the iOS keyboard on the latest iPad/iPhones? Pressing that allows you to “type” with your voice on native applications. Now, we support it as well.

Open up an application in the VM (Word, for example), pop up the keyboard, and hit the microphone. Begin speaking, and your words will appear automatically in your application as if you were typing them. It’s fun!

Beginnings of Android Compatibility

I will warn you, this is not fully baked yet.

The main problem with Android is that most browsers, especially the stock Android browser, do not support the modern web features we need. WebSockets and fast Canvas rendering being a couple of the key issues. Those that do, like Firefox, suffer from other glaring rendering problems that make for a bad experience.

Work is being done here, though, and if you’re running on an Android browser without WebSockets, we now attempt to use a Flash shim that communicates with the server. This makes WSX semi-usable on the Android browser. However, it’s not fast, and there are input problems. In time, I hope to improve this.

Better iOS Compatibility

  • Input is much improved. Capital letters and most special symbols now work. There are issues still with international characters, though. Backspace key repeats now work, too.
  • Various fixes for things like question dialogs not appearing, username fields having auto-capitalize/correct on, and other little issues here and there.

Better Feedback

  • When a login attempt fails, you’ll see an error saying what went wrong, instead of seeing it wait forever.
  • We show a spinner now when attempting to connect to the VM’s display. This provides some feedback, especially over slower connections, and mimics what we do with Workstation.
  • Attempting to change the power state of a VM now shows a spinner on the appropriate power button. So, press Power On, and the button will spin until it begins to power on.
  • If the connection to a server drops, you’ll be notified and taken back to the Home page.

UI Improvements

  • Login pages aren’t so bare anymore.
  • The giant useless margin on the left-hand side of most pages have been removed.
  • Added a logout link! (One of our most heavily requested features.)

Bug Fixes

  • Connecting to vSphere no longer totally fails. Many users were having some problems with that, and I’m happy to say it should work better now. It’s still not meant to handle thousands of VMs, though.
  • Pressing Control-Alt-Delete now actually sends that to the VM. Sorry for all of you who couldn’t log into Windows.
  • WSX no longer disconnects when updating the screen resolution fails.
  • If you connect to multiple servers, the inventories should be correct on each. Previously, they’d sometimes show the wrong server’s inventory.

New Bugs

  • Occasionally, the screen may stop updating. We’re looking into that. In the meantime, there’s a Reload button you can press to re-establish the connection to the VM’s display.

What next?

I can’t give away all my secrets, but we’re looking into better ways of handling input in the guest (especially with touch devices), and making WSX a bit more scalable. We’ll continue to put out Tech Previews of WSX while it matures.

In the meantime, let us know how it’s working for you.

WSX, Meet Retina.

On Friday the 16th, an angel in white, glowing robes delivered a shiny new iPad to my desk, as heavenly music played softly in the background. (I may be misremembering the details.)

The most talked about feature of the new iPad is, of course, the shiny new retina display (a 2048×1536 resolution). A few apps really show this off, and text is certainly crisp, but a few people wondered aloud, “Is it really that big of a difference?” Yes, it is.

Naturally, I had to play around with getting WSX to show a retina-friendly desktop. See, by default, everything is scaled up 2x to simulate the resolution of the original iPad (1024×768), but they have some support in there for loading higher-resolution images. Turns out, with some tricks, you can also make the canvas retina-friendly.

So let me show off what my desktop here looks like with some apps open on the iPad 1.

Okay, that’s a bit crowded, but it’s only a 1024×768 resolution (minus some UI at the top of the screen). How about with the retina display?

Wooo. Looks pretty awesome, right?

Of course, the problem is that everything is very tiny. This is usable if you increase the DPI a bit, but I’m thinking about some magnifying support now. Still, pretty cool.

WSX: Virtual Machines in Your Browser

Updated March 13, 2012 at 10:43PM: I have a list of limitations and known bugs toward the end.

Updated March 14, 2012 at 9:30PM: I’ll be on the VMware Community Roundtable podcast at 12:00PM PST today, where I’ll be talking about WSX and jumping into a little more detail.

Updated March 20, 2012 at 10:15PM: A lot of people are confused, so I want to point out that WSX is not AppBlast. That’s a separate project with separate goals. WSX is a remote console built using the same underlying technologies as Workstation and Player. It’s also not a front-end for View. I can’t speak for any of those projects’ goals and plans.

Virtual Machines have always been a great way to work with different operating systems, carry your desktop around with you, and manage lots of servers or configurations. In the past, you’d run the virtual machine on your computer and then use a product like VMware Workstation or Player to interact with them.

In Workstation 8, we introduced the ability to share VMs across a network with other copies of Workstation, and to use VMs running on ESXi/vSphere. You could use any computer in your network to reach any other VM and to manage your servers. I covered this in a previous post, and as I said there, we were very proud of this release.

Still, the world is evolving fast, and more people are moving to tablets and smart phones. It doesn’t mean the end of desktops or servers, but it does change how people are accessing their data and applications. And their VMs.

Get to it already


I’ve spent the past few months on a prototype, one I’m proud to say we’re shipping as part of the Workstation Tech Preview. It’s currently called WSX (name may change in time), and it brings your VMs to your tablets, smart phones, and any PC or device with a modern browser.

WSX is installed as a mini web server in your network and serves up an interface for accessing your Workstation Shared VMs and your VMs on vSphere/ESXi 5. You can power your VMs on, off, suspend them, and interact with them. All from a web browser, and all without plugins, with nothing to install on the client end.

This means that you can walk into the Apple store, pick up an iPad right off the shelf, and in less than a minute, start using your desktop back home. (Of course, provided you’ve port forwarded your WSX server so it’s accessible outside your network.)

How does it work?

WSX makes use of some modern web technologies, such as HTML Canvas and Web Sockets, along with a small but powerful server to turn your browser into a full-on remote console. The WSX server talks to your Workstation, ESXi, and vSphere instances and relays the appropriate data up to the client running in the web browser. With that data, the client can stay updated with the latest changes to the VM and offer a full display of the console. We don’t use any plugins, meaning there’s nothing to install.

It’s known to work with the latest versions of Chrome, Firefox, and Safari. It also works with the Internet Explorer 10 preview (though I’m still working on some bugs there). And for tablet users, it works quite well with the iPad running iOS 5+. Android users running Ice Cream Sandwich may get some luck with Google Chrome for Android, but I’m still working on Android compatibility.

A lot of work has gone into making this pretty fast. If you stream a 720p YouTube video inside a VM and access it from Chrome or Firefox on a modern PC, you should see near-native quality and framerates. It’s not as fast streaming to an iPad just yet, but you’ll see some impressive changes there before long.

On some modern browsers, you can even make your desktop go full-screen, just like you can with Workstation.

Note: There’s a bug on the iPad today with the on-screen keyboard where capital letters and punctuation are a bit broken. I’ll fix it!

Tell me some use cases

Sure thing.

  • You can work on your documents from your iPad from anywhere, knowing your data is safe in your network and not on some desktop streaming service company’s VM somewhere in their datacenter, not worrying about what may happen to your data if their service is down.
  • If your server is acting up while you’re at the store, you can connect to your VM from your phone/tablet and deal with it instead of rushing home.
  • Play Windows Solitaire from your iPhone.
  • Confuse people by running a VM from within a browser from within a VM from within a browser from within a VM from within a browser from ……
  • Have your presentation or demo live within a VM so that when your laptop dies at just the wrong time, you can grab anyone else’s laptop or iPad and quickly resume where you left off.
  • Have your iPad set to sync music over the network with a copy of iTunes running in a VM, and then use the same iPad to interact with that same copy of iTunes without ever involving a PC or Mac.
  • Run Windows 8 in your VM full-screen on your iPad, so you can confuse everybody.

As WSX evolves, so too will the use cases. I’m personally very curious to see how people will be using it.

Installing WSX

Right now, WSX ships with the Workstation Tech Preview for Linux installer. You’ll be asked for a port (defaults to 8888), and then it’ll install once Workstation is installed. Make sure you have the python2.6 binary installed on your system, or it won’t run! (This is a temporary limitation.)

Now there is a bug today where the installer won’t start the service for you. You’ll need to do:

    sudo /etc/init.d/vmware-wsx-server start

After that, you should be able to point your browser to http://localhost:8888/. If you want to reach your VM from outside your network, just port forward this one port in your router and you’ll be set.

You’ll log in with your system’s username and password. No need to create a new account.

Windows is another story. We don’t have a build out just yet, but stay tuned on this. I’ll make an announcement when that’s ready.

What’s the plan going forward?

I can’t speak to our long-term plans, but as I continue to work on the WSX tech previews, my main goals are to make it faster, improve browser compatibility, and make it easier to interact with your VM. This means gestures (two-finger scrolling in place of a scroll wheel on tablets), gamepad controls (play Portal 2 on your iPad!), multitouch, and whatever else we can figure out.

These are my goals, and not necessarily those of VMware’s, so don’t hold the company to anything I say here!

Limitations and Bugs

There are some known limitations and bugs in this build of WSX. Please remember, this is a new prototype, and is not a finalized product!

  • You must have the python2.6 binary installed on Linux for this to run.
  • On the iPad, the on-screen keyboard is currently a little broken when it comes to capital letters and punctuation (anything involving Shift, basically).
  • We use the on-screen keyboards on mobile devices, which don’t contain things like Control keys, function keys, etc. So for now, those keys aren’t available. Looking into proper solutions here.
  • There’s no sound. Sorry if I confused some of you! There’s some things we’re waiting for in modern browsers before we implement this. No ETA or promises from me.
  • You can run against Workstation 8 Shared VMs (I think?), but you won’t see as good performance. Same with ESXi VMs.


If you try playing around with WSX, I’d love to hear about it. This has been a pet project of mine for the past few months, and I’m pretty excited about it. Yes, there are rough edges that we know about and will be smoothing out as we go forward, but I think it makes for a great prototype, and certainly one I’m starting to love using.

A Proud Moment: VMware Workstation 8

Today is kind of a career highlight for me. A moment I’m especially proud of. We just released VMware Workstation 8. Code-named “Nitrogen,” this release has been in the planning stages since around the time I joined VMware 7 years ago. It has been in active development for the past 3 years. Easily the longest development cycle we’ve had for Workstation, but also easily the best release we’ve ever done.

Previous users of Workstation will notice quite a lot of improvements to this release. We have a lot of changes, but I want to go into a few that I’ve worked on over the past three years, which I think are of particular interest.


Remote Server Connection

This is the big one.

Workstation 8 can share VMs with other Workstation 8 clients. You can run a VM on one system (say, a beefy desktop machine in the back room) and access them from another (say, a light-weight laptop). All the processing happens on the machine running the VM. They can be made to start up along with the system, so you don’t even need Workstation running. You don’t even need X (on Linux).

Users of VMware Server or GSX should find this familiar. We’ve essentially succeeded the Server product with this release, with more features than Server ever had. For instance, one client can connect to multiple servers at once, alongside all your existing VMs.

That’s not all, though. You can also connect to ESXi/vSphere. As a developer, this is something I take advantage of nearly every day. I have an ESXi box running in my back room with several VMs for testing, and a couple for in-home servers. By running on ESXi, I minimize the overhead of a standard operating system, and gain a bunch of management capabilities, but previously I had to use vSphere Client to connect to it. Now I can just talk to it with Workstation.

Hear that, Linux admins? You don’t need vSphere Client running on Windows to connect to your ESXi/vSphere box anymore. That’s a big deal. (Unless you need to do some more advanced management tasks — we’re more about using the VMs, and light customization).

VM Uploading

We also make it easy to upload VMs to an ESXi/vSphere box. Connect to another server, drag a local VM onto it, and the VM will convert and upload directly to it. Super easy. Developing a VM locally and putting it up on a server as needed is just a simple drag-and-drop operation now.

No More Teams

Thumbnail Bar

Teams was a feature that we’ve wanted to rework for a long time. For those who aren’t familiar with them, Teams was a way to group several related VMs together (say, parts of a test server deployment) such that they could be viewed at the same time with a little live thumbnail bar. It offered some support for private virtual networks between them, with each NIC being able to simulate packet loss and different bandwidth limits.

We felt that these features shouldn’t have been made specific to “special” VMs like they were, so we tore the whole thing apart while preserving all the features.

Now, every VM’s NIC can simulate packet loss and bandwidth limits. Any VMs already together in some folder or other part of the inventory can be viewed together with live thumbnails, just like Teams. Any VM on the local system can be part of any other VM’s private virtual network.

It’s much more flexible. The restrictions are gone, and we’re back to using standard VMs, not special “Team VMs.”

Inventory Improvements

Inventory Filtering

You may have noticed the search field in the inventory in my screenshots. You can now filter the listed VMs by different criteria. Show the powered on VMs, the favorites, or search for VMs. Searching will take into account their name, guest OS, or data in the Description field in the VM. The Description searching is particularly helpful, if you’re good at documenting/listing what’s in a VM that you may care about (IE6, for instance).


Favorites was reworked. It used to be that every VM in the sidebar was a “favorite.” Now we list the actual local VMs, and we don’t call them favorites. Instead, you can mark one of the listed VMs as a favorite (by clicking a little star beside it) and filter on that.

UI Improvements

Folder Thumbnail View

We’ve streamlined the UI quite a bit. All our menus are smaller and better organized. Our summary pages are cleaner and highlights the major things you want to see.

We have new ways of navigating your VMs, which is especially handy on large servers. You now get a tab for any folder-like node in the inventory showing your VMs in either a list view (with info on power states) or a zoomable live thumbnail view showing what’s happening on each VM.

And Much More

That’s just a few of the major things. There’s many, many more things in this release, but the official release notes will cover that better than me. (Honestly, I’ve been developing and using this release for so long, it’s hard to even remember what was added!)

Tip of the Hat

A lot of great people worked on this release. The engineers that developed the various components across the company. The QA groups who have provided valuable testing to make sure this was a solid release. The product marketing and management teams who kept us going and help draft the goals of this release and market it. The doc writers who spent countless hours documenting all the things we’ve done. Upper management who allowed us to take a risk with this version. Our beta testers who went through and gave us good feedback and sanity checks. And many others who I’m sure I’m forgetting.

I said this already, but I’m so proud of this release and what we’ve accomplished. More effort went into this than you would believe, and I really think it shows.

And now that we’re done, we’re on to brainstorming the next few years of Workstation.

ThinkPad T520/W520, NVIDIA, Wide Gamuts, and You!

Update: Linking to a better color profile below.

Update 2: I narrowed down the ACPI issues, and have a better solution.

I recently purchased a brand new, maxed out ThinkPad T520. My old laptop was 4 years old, and while I absolutely loved it (and still do!), an opportunity came up to get a T520 with a nice discount. So I took advantage of that. I like large screen resolutions, as I tend to have a few thousand windows on screen at any given point in time, so I went with the 1920×1080 option, and put Ubuntu Linux on it.

And let me tell you, for an Ubuntu-certified laptop, it sure didn’t work out of the box.


It took a lot of effort to get Ubuntu working, due to some hardware problems. The biggest issue was the display adapter. The T520/W520 (and I believe the T420, etc.) come with two graphics chipsets: An Intel something-or-other, and an NVidia 4200M. By default, this is in “Optimus” mode, meaning that the OS can essentially switch between the cards for performance/power savings reasons, depending on use.

Not surprisingly, this does not work on Linux.

Your system will try to use the Intel card. You won’t have any 3D, and try as you might, that NVIDIA card just will not work. It’s maddening, but there’s a solution. One with its own set of problems, but at least it gets you there..

The trick, it turns out, is to go into the BIOS, go into the video settings, and switch to “Discrete Graphics” and disable auto-detection of Optimus. Once you do this, your NVIDIA card will work! You’ll get 3D, and it’ll be fast and smooth and so wonderful.

If you can boot, that is.

Once I switched over, I found I could no longer boot. Now this was 4:30 in the morning and my brain stopped functioning, so I wasn’t making all the connections. All I know is that booting locked up, and when I went into recovery mode, I started seeing I/O errors on my brand new 160GB SSD. Figuring it was just my luck, I decided I’d call Lenovo in the morning and get a new one. If this sounds at all familiar, stay calm! It’s not your SSD, and your system is not hosed. It’s ACPI.

(Of course it’s ACPI… Nobody ever said it was the Year of the Linux Laptop.*)

Update: I previously said that passing acpi=off in grub would fix things. That disabled battery and other stuff, though. The new solution below is far better. Suspend/resume and brightness work!

So, to fix that, go back to Intel graphics, edit your /etc/default/grub file, and set GRUB_CMDLINE_LINUX_DEFAULT to:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi=noirq"

Unfortunately, you won’t get Suspend/Resume, and I think the battery monitor is busted, but you’ll get Hibernate. It’ll mostly work. Sometimes. It’s Linux, afterall.

I’m not sure if this is needed anymore, but you may also need to add this to the “Device” section in your xorg.conf:

Option "RegistryDwords" "EnableBrightnessControl=1"

Once you have a working X/Unity/Compiz/3D/Minecraft setup working, you may notice some problems with colors….

Wide Gamut

The T520/W520/T420/etc. line of ThinkPads have a new 95% Wide Gamut LED display. It makes everything all bright and nice. And it butchers your colors.

Applications that support color management should in theory compensate for this. Not all apps do, though. What bothered me was my web browsing experience. Every color was broken, and as someone who writes webapps, I needed accurate colors. I was about to throw out this laptop before I managed to figure out a solution.

Modern Ubuntus should come with a Color Profiles control panel under System -> Preferences. From here, you can load ICM profiles and get things working. That will solve some of your issues, so let’s start there. Note that this is in Ubuntu 11.04 (I think), but I’m running 10.10 (I thought originally 11.04 was the source of my problems), so for me I had to:

apt-get install gnome-color-manager

And here, I the Color Profiles applet was causing problems, and I couldn’t directly use it, so I installed dispcalGUI, which allowed me to load in a profile and install it into Color Profiles, and activate it.

On some site, I found a working color profile (ICM file). I don’t know where I originally found it, but you can download it here. Note that this is only tested on my 1920×1080 display, so YMMV.

I’m not confident that this profile is 100% correct, but it’s close. At least as far as I can tell.

You’re free to try that profile, but I found a better one which preserves the crispness of the display with the actual accuracy you’d want on the web. WordPress is even looking correct now.

NotebookCheck’s review of the ThinkPad W520 links to a color profile that works much better.

Firefox Color Profiles

Now, you’ll still notice problems with Firefox and Google Chrome. Chrome doesn’t seem to understand color profiles, but Firefox does. You just have to tweak it.

In Firefox, go to about:config. In there, search for gfx.color_management. Set gfx.color_management.mode to 1, and then set gfx.color_management.display_profile to the path of that ThinkPad ICM file I linked to earlier.

Restart Firefox. You should now see more or less correct colors!

Now it’s not perfect. The ThinkPad screen is very bright, and some things can get a bit washed out and perhaps slightly tinted. As I type this, I’m noticing that the WordPress UI is a bit off, and things blend together more than they should (lots of light grays on a bright screen). But it should be much better than it was!

If you use a T520/W520/T420/etc. and have other solutions or tips for color management on Linux, I’d love to hear about them! And hopefully this saved someone else hours or days of rage.

* Thanks to James Farwell for the “Year of the Linux Laptop” snark.

I Invented Port Knocking

Let me tell you about something that’s been bothering me for a while.

I invented Port Knocking. No, really. In 2002.

According to, it was invented by Martin Krzywinski in 2003. I’m not here to debate that he didn’t come up with the idea separately, and choose the same names (it’s a pretty good name for the technology). But I do want to make it clear, for the record.

Wait, hold on, what’s Port Knocking?

Oh, got ahead of myself there.

Port Knocking is a security method where you can cloak a network completely (close all ports or put them in stealth mode) and yet still allow access from any computer in the world, by way of a sequence of “knocks” on a predefined list of ports.

The server can specify a list of ports (say, 53, 91, 2005, 2131, 7) and monitor to see if there are attempts to open them. If an outside computer accesses each of these ports in sequence, without hitting any other ports, and within a time period, the server can open a select set of ports (separate from the knock list) to that IP address only.

In my original designs, before opening the ports after a successful knock sequence, an authentication port would be opened at a predefined port, which the client would have to access, exchanging credentials, before the ports would be open.

And why the controversy?

First, some history.

In mid-2002, I was 18 and interested in security, amongst other things. Along with writing code for Pidgin (then Gaim), and a couple other projects, I was fooling around with firewalls and such.

I had this idea one morning while in the shower to add another layer of security. I really wanted to be able to completely close off my network, but still access it when out of town. I can’t tell you how it came into my head. Just a moment of inspiration. I wasn’t even really looking for another project, just brainstorming, but I liked the idea too much. I started writing code and made it work.

It was a while before I discussed it publicly on my old blog on Advogato. There are many posts, but I’ll highlight a couple here, where I introduce what I was working on:

The blog is full of lots of old teenage angst, so ignore most of it, but I spend the next few weeks going over my progress, answering questions from people who are asking for more information, etc. I was very open about it.

At one point a couple months later, I realized this was stupid. I had a good idea. I should patent it. I took it down for a while. This was after I had already put up the sourcecode, though, and many people had it.

Now, in retrospect, I should have made this into a full-on open source project and gained the recognition myself, continued development. But I was too busy with other things and didn’t really want another major product on my hands. I remember at one point I thought, “maybe I can sell this to a security company, or patent it!”

And since then…

One day, I opened a magazine and saw “port knocking” on the cover. My heart skipped a beat. Somebody wrote an article on my port knocking! I opened the magazine and read through it. “Invented by… Michael Krzywinski? What?!” I re-read to make sure. It was all my terminology, my methods. I was floored.

By that point, he made a name for himself as the inventor. And again, I’m not trying to discredit him, because he very well may have come up with the same thing separately. But it stung, because I had a great idea, a year before he wrote a paper on it, and I didn’t promote it the way he did.

Lesson learned

This is one of those life lessons. You always regret what happened, but you use it to make better decisions in the future. These days, I’m happy working on some awesome products. My day job at VMware and my highly successful code review software, Review Board (for which we’ve recently started a company).

Now, if I have a good idea, I make sure it’s heard, and demonstrated, far and wide. Truly great ideas don’t really come that often, so when you have one, make sure you do something with it, or you may end up regretting it for years to come.