Home > Virtualization > Perception vs. (Virtual) Reality: My Ping to Joanna’s Pong…

Perception vs. (Virtual) Reality: My Ping to Joanna’s Pong…

Joanna Rutkowska took the time to respond to my "open letter" that I wrote this weekend regarding her presentation at RSA.  I truly appreciate that.  It was a little barbed, but so was mine, but all’s fair in love and blogging.

I chortled, however, when I realized that I was deserved of a response only for the following reasons:

1) technorati.com reported the blog’s authority as above 100 which suggests it has a reasonable number of readers, and also

2) because I believe this is a good example of the social engineering techniques used by my opponents

I just about coughed my latte through my nose when I read that.

Just to be clear, Joanna, I’m not an "opponent" and despite your assertions, I don’t provide PR services for anyone.  I *do* however rather like the fact that you’ve anointed me with the madly-133t-skillz of a social engineer. 😉

Let me make it perfectly clear (because I don’t think I have) that I find your research incredibly interesting and your work compelling.  What I question is the relevancy across use cases and the way in which you choose to present it.  This is despite your bemoaning to the contrary, the way in which you surrender your words to the fates (i.e. the press) and seem powerless to be able to ensure what you said is printed in context accurately. 

Rather than continue the enthralling debate regarding the vagaries of municipal fire codes, let me get to the meat of the redress which is what I focused on in the first place: what you said and what you may have meant to say are two different things, Joanna.

To wit:

2. Type I vs. Type II hypervisors confusion.

Hoff then switches to the actual content of the presentation and writes this:
“When I spoke to you at the end of your presentation and made sure that I understood correctly that you were referring specifically to type-2 hosted virtualization on specific Intel and AMD chipsets, you conceded that this was the case.”

This simply is an incorrect statement! On the contrary, when describing the security implications of nested virtualization (which was the actual new thing I was presenting at the RSA), I explicitly gave an example of how this could be used to compromise type I hypervisors. Kindly refer to slides 85-90 of my presentation that can be downloaded here.

I said that the code we posted on bluepillproject.org indeed targets type II hypervisors and the only reason for that being that it has been built on top of our New Blue Pill code that was designed as a Windows kernel driver.

This is exactly why I and a couple of other folks came up to speak with you at the end of your talk.  It was not at all clear as to which case you were referring.  I humbly accept the responsibility for a lack of cognition here.  When I sought that clarification, you specifically answered as I mention above which confirmed my understanding.  To that end, the gentleman behind me responded "Yeah, that’s what I wanted to ask, too" and thanked you for the clarification.  Now you’re suggesting that what we heard was not what you said…

3. Shit not giving. Mr. Hoff goes even further:

“When I attempted to suggest that while really interesting and intriguing, your presentation was not only confusing to many people but also excluded somewhere north of 80% of how most adopters have deployed virtualization (type-1 "bare-metal" vs. type-2 hosted) as well as excluding the market-leading virtualization platform, your response (and I quote directly) was: I don’t give a shit, I’m a researcher.”

Now that was a hard blow! I understand that the usage of such a slang expression by an Eastern European female during an informal conversation with a native speaker must have made an impression on him! However, I couldn’t give such an answer to this very question, simply because of the reasons given in point #2 (see above).

I don’t care whether you’re an "Eastern European female" or a cross-dressing circus clown from Bolivia.  What does concern me is that first you suggest that your making that statement must have been shocking to me and then you immediately maintain you didn’t say it…and you throw in the gender card!  Nice.

Joanna, your dismissal using this exact phrasing is exactly what got me riled up.  Your dishonesty and/or confusion about what you said and what you think you said is the entire point you’re missing…except hysterically you claim you are a victim of the very issue I highlight:

So, then Hoff quotes the Forbes article that was written after my presentation and accuses me that the article (written by some Forbes reporter) was too sensationalist. I definitely agree the article was very sensationalist (but correct) and when I saw the article I even got angry and even wanted to write a blog about it (but as the article was actually correct, I had no good arguments to use against it).

And you know why I was so angry? Because I actually spent over 40 minutes with this very Forbes reporter in the RSA’s speaker’s lounge just after my speech, I spent that time on clarifying to that guy what my presentation was about and what it was not about and what was the main message of the presentation. Still, the reporter had his own vision of how to write about it (i.e. make it into a sensation) and I hardly, as it turned out, could do anything about it…

Perhaps the fault is ours, but perhaps you should accept some of the responsibility here, too?  If you continue to be misunderstood, misquoted, and misrepresented, perhaps it has something more to do with than the fact that your intellect is "…too technical for an average CISSP to understand it?"  Perhaps you are hard to understand?  Perhaps you don’t do a good job of explaining?  Perhaps the language gap is confusing things?

Look, I find the following assertion really interesting, and had you allowed me to ask the question, would have loved to have discussed it with you further:

"Keep[ing] hypervisors simple, do not put drivers there, as otherwise we would get to the same point where we are with current OSes these days, i.e. no kernel security at all!”

…but I didn’t get a chance to.  I actually resonate with your assertion.  I didn’t bring it up because that’s not what I had a problem with.

Finally, to your closing point:

Now I wonder, maybe Christofer Hoff doesn’t do PR for any VMM vendor, maybe he just didn’t listen carefully to my presentation. Maybe he’s just one of those many guys who always know in advance what they want to hear and selectively pick up only those facts that match their state of mind? Otherwise, why would he not realize that my presentation was actually a pro-virtualization one and needed no (false) counter-arguments?


I came to your presentation the way I do to every other I attend.  With an open mind, open ears and a closed mouth.  I listened carefully, was confused by what I thought were contradictory statements between your slides and what you were saying and sought clarification.  Upon clarification and subsequent condescending dismissal, I closed my mouth and my ears and formed my conclusion based upon your response.

Perhaps you’ll use this as an opportunity to reflect upon how you present and interact with people.  Perhaps you won’t.  I know I will.  Either way, I appreciate your research and your response to my "letter."


Categories: Virtualization Tags:
  1. April 14th, 2008 at 12:44 | #1

    If this were an IRC conversation, I'd definitely ping in a few times as well, since the response to your letter hit a few bad chords.
    On the other hand, I try not to get involved in topics like this that are above my head. 🙂 Rhetorically, though, you have good points, Hoff.
    Switching gears, I think you should do a BJJ piece in response to Jeremiah's about your sparring/training experience! 🙂

  2. April 14th, 2008 at 17:40 | #2

    I feel ya, LV. I really had no inclination to write this until the attitude become more important than the research.
    In terms of a response to Jeremiah's piece, I don't have much more to say. I mean, he said it best when he said "gurrrggggle" as I choked him to a tap with an Ezekiel. 😉 I am convinced that he will return the favor at BlackHat however…

  3. mr_profit
    April 15th, 2008 at 04:09 | #3

    Joanna said:
    "However, I couldn’t give such an answer to this very question, simply because of the reasons given in point #2 (see above)."
    Dude. She was merely saying that she didn't give that particular answer to _that_ particular question for the reasons covered in her point #2. If you read the very next sentence it becomes abudantly clear that she is _not_ being deceptive at all:
    "If I remember correctly, I indeed used this very American expression to answer somebody’s concern (undoubtedly our Christofer Hoff’s) that most of the type I hypervisors out there are based on monolithic hypervisor architecture, and not on the micro-hypervisor architecture (and that I should not try to convince people to switch to micro-hypervisor architecture)…"
    Note the "i indeed used this very american expression" bit.
    In response to your point about Joanna being responsible for keeping the media honest (or non-sensationalist), i think you must be living in La La land. THE MEDIA SENSATIONALIZE. Thats how it works.
    Lastly, i think your comments about the language gap are below the belt. Despite Joanna's accent (which I find rather sexy 😉 ) i find her presentations and writings to be clear, relevant and interesting. I would like to see how well you could present research on hypervisors in polish!
    The rest of your "letter" sounds like:
    "Joanna's talk was over _my_ head and i resent that because i like to think of myself as smart/clever"

  4. April 15th, 2008 at 05:07 | #4

    Oh, m'kay. Thanks for clearing that up.
    Last time I checked, I was there. Were you? I know exactly what she said and when. I didn't ask the question she refers to, so perhaps she decided to cop-out twice in one presentation? Some other lucky person got the "I don't give a shit" treatment? Fabulous.
    I give interviews almost weekly. I understand the game well. What I don't understand is how I'm supposed to feel sorry for someone who continues to be "sensationalized" and obviously manipulated (based upon what she's claiming.) I think almost every single article I've read is like this which means that out of the two of us — following your logic — she's got real problems dealing with the press.
    The language gap — well, I'm glad you find it "sexy." I'm sure speaking in a foreign language is quite difficult, especially when presenting technical material. I've listened to Joanna present three times, and each time it's extremely difficult to follow. She brought up the issue of language indirectly, I'm simply highlighting it.
    Part of the responsibility of a presenter is to ensure that what is said is clearly understood. Her writing is much better. The issue at hand is that what she said didn't jive with the slides, which is why I sought clarification in the first place; if I didn't care and had a closed mind, I would have just left.
    Perhaps if you would take off your fanboy goggles for a second, you might see that.
    Hang on, perhaps I should just use my own cop out. Let's see. Following suit, I should say something like:
    "I don't give a shit, I'm just a blogger."
    I appreciate your comments, I just don't agree with them.

  5. Chris
    April 15th, 2008 at 06:54 | #5

    "I don't give a shit. I'm a researcher."
    Sounds like _Die Physiker_ is hard to find in "eastern european" libraries.

  1. No trackbacks yet.