From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-140416-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 5255D13800E
	for <garchives@archives.gentoo.org>; Tue,  7 Aug 2012 18:48:24 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 20CC7E074E;
	Tue,  7 Aug 2012 18:48:07 +0000 (UTC)
Received: from mail-qc0-f181.google.com (mail-qc0-f181.google.com [209.85.216.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id CDA73E0724
	for <gentoo-user@lists.gentoo.org>; Tue,  7 Aug 2012 18:46:24 +0000 (UTC)
Received: by qcpx40 with SMTP id x40so2874178qcp.40
        for <gentoo-user@lists.gentoo.org>; Tue, 07 Aug 2012 11:46:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=NIJXzBEmuIP3CFDu4pig70q+y3xBJya8aeN0AZN/RW8=;
        b=ethovz1LLApUu48yV7RY15NV4rJwFvnbhOouidOAYYcJXO55GR1LGcgftgAHB8en9Q
         kR323SFMg8b6/p+KEqzrojhz1+JhcfIMbcOBnq63U6s6gRIXRZIJNJ8mzU7CqTsHsKDu
         k1r0U8xoaaYzEC3V/oabJCnLWI25yB0p7rAw+pb1EKgAK8/zLK9Hqp0Z2d7WBllXYNiF
         9AhDdpDf2PHKX/YLiwkNtWGq2nejsQtn5MSrlnuN0Xff4RwFowOnQ51QuwEKT7MXLVSC
         piBvkzk9x3C31eYJmNL5Mr3qRkR6iu05meeV85Tuo/W2pglorflQYtD7hLa8xHGb6j0k
         HWGA==
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.224.207.2 with SMTP id fw2mr25630757qab.34.1344365184067; Tue,
 07 Aug 2012 11:46:24 -0700 (PDT)
Received: by 10.229.190.196 with HTTP; Tue, 7 Aug 2012 11:46:24 -0700 (PDT)
In-Reply-To: <loom.20120807T185900-387@post.gmane.org>
References: <loom.20120807T175009-414@post.gmane.org>
	<CAK2H+ecc4Es4Wc4syucJ0h6bC0CmeYz42JPJcREcR+77fNe8=g@mail.gmail.com>
	<loom.20120807T185900-387@post.gmane.org>
Date: Tue, 7 Aug 2012 11:46:24 -0700
Message-ID: <CAK2H+efoda2UAPR7fj+DAtRZEGs+Mg-qVbxR-gT0AOREsmSyMA@mail.gmail.com>
Subject: Re: [gentoo-user] Re: Gentoo: stock trading tools ?
From: Mark Knecht <markknecht@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: a1caac1b-1d4a-4a3f-b117-86c8d4098aaf
X-Archives-Hash: 3d400e25674e613c950d49c5d2b24baa

On Tue, Aug 7, 2012 at 10:17 AM, James <wireless@tampabay.rr.com> wrote:
<SNIP>
> Hello Mark,
>
> I think I'll put the R stuff as research interest on a separate
> machine to evaluate...  I'm Looking for some guidance on this
> (VM) subject, related to online stock trading. Should I set up a
> machine on a hardened system? SeLinux? Other ideas like a
> transparent bride with some specific application filtering?
>

Sounds like you're beyond my abilities. I use standard stable Gentoo
myself. (I.e. - NOT ~amd64) Each Windows VM has it's own Windows
license as well as it's own virus protection license. I run different
trading apps in different VMs. All trading VMs are Virtualbox.

In my case the compute server is a 12 core Intel machine. I dedicate
10 cores to the VMs (6 cores to one VM, 2 cores each to the other 2
VMs) for 3 VMs using 10 cores. That leaves 2 cores to Gentoo to manage
the hardware.

I do similar things on an 8 core machine, etc. I always reserve 2 CPUs
for Gentoo.

NOTE: Windows and it's apps are memory hogs so you'll need a LOT more
memory than you think to make this work well day in and day out.

> Should I setup a specific application firewall between the VM system
> and the outside net? A generic security (architectural) approach is of
> keen interest to me (reading references?). Windows security for me is
> often troublesome; so specific (private?) suggestions are also of keen
> interest to me.
>

Again, probably beyond my abilities to give guidance. I use standard
Windows virus & firewall protection inside each VM and hope for the
best figuring it's no worse than using Windows on real hardware.

As with everything Windows, it's all a crap shoot as far as I can tell.

HTH,
Mark