Announcement

Collapse
No announcement yet.

questions about VMWare capabilities..

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • questions about VMWare capabilities..

    Hi all,

    First - I am new here, sorry if post is not posted in the right forum to the right people. And second - I am new with VMWare.

    I read about different VMWare products, about VMWare performance, some use cases. And I have few questions in my mind. Will be great if someone give me litle more light or directions and save me time for searching or trying. Some questions are maybe not logic or totally wrong - please advice. Thank you very much in advance.


    Here my questions (I think mostly about VMWare workstation):

    1. Maybe worring about performance, so thinking like - is it possible to install two OS and to boot into as native and as virtual. Example - 2 different WinXP installations: "corporate" and "private". I want to be able to boot both (performance). Sometimes I could need to load second OS inside VMWare (say first OS is already loaded and I need to login quickly into second without rebooting)


    2. Thinking about security and virus protection. If I have host OS, without "stupid" 3rd party software. And guest OS for testng and anything. Then, can I think like "it is 99.9% sure no one program from guest OS can even touch my host OS"?
    I think, the opposite is not true (host OS for "anything" and stable guest OS).


    3. One simple example about hardware compatibility question - I have guess OS on my laptop. Can I use "function" keys inside (volume Up/Down). If I move it to another host OS (laptop or desktop) will I be able to use "function" keys or any specific hardware devices? Or can you run something like TV tuner (just example) inside guess OS?


    4. ESX server hardware limitations - the same example, can I install it on my laptop? What about "function" keys?


    Thank you for your time.
    Plamen.

  • #2
    Re: questions about VMWare capabilities..

    1. if the computer is properly configured and has sufficient resources, there should be little to no impact on performance... besides the performance degradation typical with high-cpu activities. what you want to do is do-able...
    if it was me wanting to do that, i would use RHEL as the host OS, then create the 2 XPs as vm's. using RHEL as the host OS is much more efficient than using XP as the host OS imo.

    2. heres my take on virtual security... its the same as a physical machine. protect it the same way you would protect a real machine. as far as being able to compromise a host thru the virtual, i dont know. the way it appears when doing an IP scan, the host and the guest appear as two separate clients... so the user doing the compromising would have to know... you can examine the MAC address and realize that you are 'talking' to a virtual. but i dont think that you can execute code from the guest OS to the host, unless you have allowed it to do so. depends on how you set up the network portion on the virtual... bridged, NAT, host.

    3. yes and no. of course it will depend on models and manufactures and software... for example, i can use the function keys in a virtual if it has focus, but the 'blue button' on my IBM laptop has no effect on the virtual regardless of focus, because its a hardware dependent device. i cannot comment on the use of a TV tuner on a virtual. the intense buffering and read-writes on the drive would make virtualization of a DVR/PVR not ideal scenario imo. if it was just displaying and not buffering, maybe... but i would advise against that.

    4. ESX is a whole new ball game. the harware requirements are very specific. if your network card isnt on the list of acceptable NICs, then you wont even be able to install ESX. ESX is the host OS in this situation. its very init 3 if you know what i mean, so do be wary... in addition, its unlikely that ESX will support a tuner card, without doing a recompile of the kernel to include the tuner card drivers, assuming that there are Linux compatible drivers available. this still doesnt guarantee that it will work with ESX because of the way the hypervisor works in ESX...

    hope that helps some.

    James
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: questions about VMWare capabilities..

      Yes, it helps.

      Thank you very much
      All best wishes.

      Comment


      • #4
        Re: questions about VMWare capabilities..

        add the that the fact that ESX is NOT linux, and afaik the kernel source is not available. meaning you will not be able to recompile it even if you want to. ESX kernel and filesystem are proprietary. The linux there is the first guest system, used for management, not the host system.
        ________
        Silver surfer vaporizer
        Last edited by DYasny; 6th March 2011, 17:55.
        Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

        BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

        Comment


        • #5
          Re: questions about VMWare capabilities..

          I see... in fact the simple idea was this (maybe it is not new but new idea for me):

          1) to have empty host OS without internet, all doors closed (services stopped)

          2) to have guest OS for daily tasks
          - easy incremental backups done out of box (without life CD)
          - no worry for viruses - because I have daily backups
          - no worry for hidden files/processes/keyloggers - out of box I could see all changes day by day
          - no worry for private data - there is nothing private in "work" guest OS

          3) to have dedicated guest OS for e-banking and all private stuff
          - easy security setup - disable all except e-bank web site
          - easy task for non experts - just you need to remember one rule - "money and private only inside e-banking OS"


          So, all tasks like:
          - network analyses
          - system analyses
          - backup
          - restore
          - virus check

          All this you can do out of box, without reboot, without life CDs. I mean, the life could be much easier.

          What is current state - very complex antivirus software, performance affected very much, security is not high because:
          1) unknown viruses;
          2) you can't do easy analyse out of box;
          3) you do not have flexible environment and that is killing all efforts. Example:
          - you can't stop service X and increase security because applications A,B,C will stop working
          - you can't risk with settings because you are not expect, tomorrow you will not remember how to revert it
          - you can't risk, because it is all in one box - one single windows installation and all private data, photos, fun - it is all there - you could loose everything if system become unstable
          - new technologies, new programs not working, you are upset and you wish just to disable firewall for 30 min., but this will expose whole PC and all data on risk
          - ZoneAlarm Pro and similar products - if you want to setup them properly - then you have to answer many questions like "program X trying to access internet", etc.

          It is not flexible environment, there are 1000 applications and 1000 security settings and even if you read a lot it is risk to play with such system.

          Even before simple changes in registry they say: please do backup. What do you do if you are dummy. You already found eventual solution for your problem, you have 10 Internet Explorers already open. Now you have to close all applications to do nice backup. Once backup is done, you feel like you forgot why you had to do backup. Ok, again go back, again read what changes in registry are necessary, etc, etc.

          What about VMWare (or any environment) which allow you to separate you private data and reduce risks your box to become dead. This is better solution for advanced users, but also for dummies - my friends will not call me on phone to read me next antivirus message. All they need to do is "restore snapshot".

          Separate users and user rights could help here, but it is MS Windows - even this simply task is not easy. Because in this case I would like all applications to be installed inside home folder of "test" user, not installed for all users.

          Pity VMWare is not designed with that purpose, and antivirus vendors are not looking in this direction. Looks like there will be many limitations which I have to accept - issues with hardware devices, performance.

          Anyway, what do you think?

          I know Windows Vista have something more regarding "separate and protect one process from another". I do not know does it mean - less rootkits, no hidden processes, etc. I am not expert. But fact is - we choose AV vendor software because it is most popular and it find more viruses. Here example - when I buy car, any car will drive me from point A to point B. I could choose BMW or Toyota - they both will do the job. We do not coose AV software because of speed or because of analyses after "virus check" or because of user interface (different profiles, easy settings, etc). No we have to choose and hope it will catch our virus.

          I do not know, currenty there is always option for "unknown viruses" inside box where my private data is. So, conclusion is - we do not have security solution on the market.

          Comment


          • #6
            Re: questions about VMWare capabilities..

            how about just running linux? almost no viruses, windows apps run through wine, and can be chrooted, virtualization is out of the box, security is highly customizable, and backing up is a breeze
            ________
            Herbalaire vaporizer
            Last edited by DYasny; 6th March 2011, 17:55.
            Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

            BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

            Comment


            • #7
              Re: questions about VMWare capabilities..

              how about just running linux? almost no viruses
              As I know, it is not true. Right now I am ok with Windows without AV software because I know what I am doing. With linux I will be in danger because I do not know linux. Plus if there is profit, viruses will come immediately. More of windows viruses come with email attachments and people do mistakes (not all viruses come thru hidden doors).

              About me - if I want to experiment on my current laptop - is not designed for linux, there could be driver issues. Next - I could plan it like that.

              I want to say that:
              - only solution is to use separate PCs for separate activities (one dedicated for e-banking)
              - do not trust AV or firewall or marketing tricks - not because they are not working, but because 1) it is not 100% secure and 2) one mistake and all private data is in danger

              See, with simple solution everyone will be safe. Separate PCs - it is not possible to do mistake. But it is hard to manage them. Separate Virtual machines could make sense here.

              That is all. Have to think about it more.

              Comment


              • #8
                Re: questions about VMWare capabilities..

                As I know, it is not true.
                I did say "almost"

                Right now I am ok with Windows without AV software because I know what I am doing. With linux I will be in danger because I do not know linux. Plus if there is profit, viruses will come immediately. More of windows viruses come with email attachments and people do mistakes (not all viruses come thru hidden doors).
                the good thing about linux, is the fact that the only thing a virus will affect is not the system, but the user you are working under, and that can be backed up and checked for malware. BTW I never work in windows without AV software in the background, because there is too much overhead activity which, unlike linux, is not obvious - much more potential for a security threat.

                don't want to start a linux vs windows argument here. just consider it - using linux for everything, and just running a windows VM for windows specific things.

                About me - if I want to experiment on my current laptop - is not designed for linux, there could be driver issues. Next - I could plan it like that.
                neither is mine, but it works perfectly. Dell latitude d520

                I want to say that:
                - only solution is to use separate PCs for separate activities (one dedicated for e-banking)
                this is a bit on the extreme side.

                - do not trust AV or firewall or marketing tricks - not because they are not working, but because 1) it is not 100% secure and 2) one mistake and all private data is in danger
                the only way to be 100% secure is to pull the internet cable out. there are always risks out there, you just have to assess them correctly. a different PC for e-banking will not stop a potential hacker with the resources to hack into your system from doing so.

                See, with simple solution everyone will be safe. Separate PCs - it is not possible to do mistake.
                can't see the logic in that, sorry
                ________
                Ford Escape Specifications
                Last edited by DYasny; 6th March 2011, 17:56.
                Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

                Comment


                • #9
                  Re: questions about VMWare capabilities..

                  See, with simple solution everyone will be safe. Separate PCs - it is not possible to do mistake
                  can't see the logic in that, sorry
                  Imagine all activities with the same PC. So ebanking request max security. But new software (stupid example could be p2p applications) which request special handling in firewall and I do not know how to do it and I want to run that application today, so I could decide to disable firewall for 30 min. But this will expose all private data on risk.

                  What I am saying is - if I know everything then no risk for me. But if I know it today, tomorrow I will not - so many new technologies. So, if I separate my activities in separate real or virtual PCs (anything but separate). Then risk is reduced because if I disable firewall thinking it is safe. And if I fail in that because lack of knowledge - it is not important, my private data is not touched.

                  What you are saying for linux is almost the same: 99% work in linux, 1% windows. I gave example like: 1% ebanking, 99% consider as dangerous and do it in test environment. It is individual for everyone - what is private data/activity and what is risky activity. As I told risk depends of knowledge.



                  Ok, let me put it in this way: my parents get new PC and call me to setup it and to explain how to use it. They are regular PC users - ebanking plus internet, nothing else. And here it starts because these two activities are not separate. So you have to install firewall and all AV software working in background. Then to disable and replace Internet Explorer with firefox (which was problem 1 year ago because of not perfect e-bank web site - automatic certificate install could fail in firefox). Then you have to replace email client. And finally you have to disable completely "open attachments". And more and more rules and settings and advices: do not do this, do not click that.

                  Now compare it with 2 separate PCs. One for ebanking. Another with fresh install + backup. You have to explain one simple rule - no ebanking in "test" PC. So, simple and no mistakes. As I told, maybe I know everything today but tomorrow - no. So I could do mistake, and count here 100 settings screens and 100 services.

                  If it is possible with VM, if cost and performance are not an issue, then you get freedom and flexible environment. New application or new chat programs - no problem, it goes to test PC or test virtual machine.

                  You are right, I have to read more about linux. But this idea about separate environments is not on the market. People talk more which AV is better but fact is they all are not good enough if you put all in one work environment.

                  regards.
                  Last edited by mmm4m5m; 27th December 2007, 16:38.

                  Comment


                  • #10
                    Re: questions about VMWare capabilities..

                    Imagine all activities with the same PC. So ebanking request max security. But new software (stupid example could be p2p applications) which request special handling in firewall and I do not know how to do it and I want to run that application today, so I could decide to disable firewall for 30 min. But this will expose all private data on risk.
                    of course not. ebanking security is mostly defined on the server side - ssl, certificates, anti phishing schemes - it's all there. and if the bank is properly paranoid, and employs RSA or at least usb keys, and virtual keyboards, you shouldn't worry at all.

                    What I am saying is - if I know everything then no risk for me. But if I know it today, tomorrow I will not - so many new technologies. So, if I separate my activities in separate real or virtual PCs (anything but separate). Then risk is reduced because if I disable firewall thinking it is safe. And if I fail in that because lack of knowledge - it is not important, my private data is not touched.
                    you shouldn't be very knowledgeable in IT security in order to maximize the safety of your online banking. neither do you need a firewall (that is you do if you're running windows, but not specifically for ebanking). the firewall is merely a device to close ports. a proper stateful firewall is something you wouldn't have at home anyway, not usually at least.


                    What you are saying for linux is almost the same: 99% work in linux, 1% windows. I gave example like: 1% ebanking, 99% consider as dangerous and do it in test environment. It is individual for everyone - what is private data/activity and what is risky activity. As I told risk depends of knowledge.
                    what I mean is that in linux it is much easier to detect, verify and get rid of trouble if the system is compromised.


                    Ok, let me put it in this way: my parents get new PC and call me to setup it and to explain how to use it. They are regular PC users - ebanking plus internet, nothing else. And here it starts because these two activities are not separate. So you have to install firewall and all AV software working in background. Then to disable and replace Internet Explorer with firefox (which was problem 1 year ago because of not perfect e-bank web site - automatic certificate install could fail in firefox). Then you have to replace email client. And finally you have to disable completely "open attachments". And more and more rules and settings and advices: do not do this, do not click that.
                    yup, those are the normal windows environment issues.

                    Now compare it with 2 separate PCs. One for ebanking. Another with fresh install + backup. You have to explain one simple rule - no ebanking in "test" PC. So, simple and no mistakes. As I told, maybe I know everything today but tomorrow - no. So I could do mistake, and count here 100 settings screens and 100 services.
                    if the ebanking PC is safe and well set up, why not use it for other things as well? back that perfect system up and use it as you like

                    If it is possible with VM, if cost and performance are not an issue, then you get freedom and flexible environment. New application or new chat programs - no problem, it goes to test PC or test virtual machine.
                    and that is exactly why linux is good - those things do not require another full scale system - just a different user or a chroot. you can ruin everything for a user in linux, and simply erase the user and recreate it with all the default settings you yourself set up. recreation takes a few seconds. the only user in linux that can do damage to the system is root, and you never use that for user tasks, just like you should never use the administrator user on windows if you know what is best for you

                    You are right, I have to read more about linux. But this idea about separate environments is not on the market. People talk more which AV is better but fact is they all are not good enough if you put all in one work environment.
                    because this idea is wrong. it is a waste of resources.
                    ________
                    Home made vaporizer
                    Last edited by DYasny; 6th March 2011, 17:56.
                    Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                    BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

                    Comment


                    • #11
                      Re: questions about VMWare capabilities..



                      i really dont know what happened to this thread, but lets recap to try to put this back on track...

                      virtual machines and physical machines carry the same caveats in all aspects... viri, malware, greyware, key loggers, and spyware can infect either.

                      a firewall doesn't protect you from any malicious code executed via internet explorer, etc... it simply prevents certain apps from binding specified ports.

                      we could sit here all day arguing linux vs. windows, but we will get nowhere. which gets you cleaner, a shower or bath?

                      you minimize no risks by separating duties onto different machines. any activity that is 'dangerous' on a physical box is 'dangerous' on a virtual box.

                      that said, i do have to agree with DYasny... you wont accomplish anything spectacular by using vmware server/player/workstation except by having more computers to manage.

                      if you really want to use something non-infectable, try a copy of knoppix or SUSElive. this keeps all information stored in volatile memory and not the hard drive. technically, it does find the windows page file and uses it for the swap partition, but you can prevent that even by disabling the swap partition at boot:
                      Code:
                      #>knoppix noswap
                      and you can also run knoppix from RAM instead of the CD if you need better performance:
                      Code:
                      #>knoppix toram
                      or combine the two codes to accomplish both:
                      Code:
                      #>knoppix noswap toram
                      good day, and you kids play nice
                      its easier to beg forgiveness than ask permission.
                      Give karma where karma is due...

                      Comment


                      • #12
                        Re: questions about VMWare capabilities..

                        I wasn't arguing linux vs windows here, only the fact that two systems are not the answer
                        ________
                        Buy no2 vaporizer
                        Last edited by DYasny; 6th March 2011, 17:58.
                        Real stupidity always beats Artificial Intelligence (c) Terry Pratchett

                        BA (BM), RHCE, MCSE, DCSE, Linux+, Network+

                        Comment


                        • #13
                          Security using virtual machines (VMWare)

                          Hi again and happy new year to all.



                          In this long post:
                          - explanation for eventual misunderstandings
                          - explaned reasons for initial VMWare questions
                          - summary of previous posts, hope problem is explained better

                          Maybe correct thread topic is "Security using virtual machines (VMWare)". Sorry for this mistake.



                          Originally posted by James Haynes View Post
                          i really dont know what happened to this thread, but lets recap to try to put this back on track...
                          First of all I want to say sorry if any confusion - initial question was about VMWare, after that I did explain the reasons for these questions - security.

                          About security - I am not sure do I know what I want. Mostly I am not sure do I know enough about security or do I know about windows architecture at all (even if I know more than average PC users) - kind of reason for this thread.



                          Originally posted by James Haynes View Post
                          a firewall doesn't protect you from any malicious code executed via internet explorer, etc... it simply prevents certain apps from binding specified ports.
                          There could be confusion because maybe I do mix these terms like antivirus, firewall and security software. Reason - ZoneAlarm is not pure firewall. Norton Security program is not anymore only antivirus. Currently there are many additional levels of protection. Different security levels like: incoming internet attacks, outgoing internet requests - per IP, per port, per process. Then check incoming email attachments, then block execution of infected applications. Some programs allow you to rules for every application - allow/deny execution, allow/deny internet access, allow/deny act as server, etc. Hope above is less or more correct.

                          In short, I am trying to say that: I do feel secured and confortable with current state. I did not explain about my current security settings. But I have some experience. I tryed different programs (FW and AV), I read about other programs, comparisons, reviews, etc. From one point of view current state is this (as I see it, if I am correct):

                          1) complicated security (AV, FW and other tools) software - many will install few drivers + services + 50 mb binaries

                          2) huge full time performance issues because of security software

                          3) very complicated security software settings

                          3.1) you almost can't live with default settings - some activities, in short "e-banking" required 100% security. Other activities like "work" could require additional setting for VPN connection (just simple example). And third activities like "connect and synchronize my PocketPC" will require additional settings like services which are could be already stopped because of "e-banking" activities. Hope it is clear and I think it is real example.

                          3.2) if you decide to setup custom application rules like allow/deny execute or internet access, then you have to be almost expert

                          4) term "unknown viruses" is not a myth and it is not acceptable for "e-banking" activity. Example - any car can take me from point A to point B. That is why car is created. Good cars will do it faster, more confortable, etc. When we talk about security software, in fact we mean is it working 50% or 60% or less or more. Can you use car which is working 99% - everything is fine, it is working 99% but car is not moving - 1% is missing. Take a look at some security software comparisons and reviews.

                          5) Unknown viruses is ok but only if they are out of my PC. Back to DOS time, it was more easy, at least there was not new security holes every day. Today every new version of security software is bigger and more complicated, but what about results. 100% security is possible only theoretical. I think current software is not even close. I do not have full understanding for rootkits and all hi-tech tricks used by both security software vendors and viruses, but we do not have single product which handle all tricks. And we do not have such second security product on the market to make a choose. Simple user do not understand all hi-tech tricks. Also software is not open code and we do not know which tricks are handled, is it properly handled. Mostly security software reviews are based on trying: "we try it, it looks working with currently available viruses on the market". If I buy it today I will install it tomorrow but tomorrow there could be new virus and I will not be protected.

                          6) what about advertisement companies which track your activities in internet. Many are not using only cookies for this purpose. Some are big companies trying to hide fact that they do steal private information.

                          Sorry for this long tirade, just thinking aloud.



                          Originally posted by James Haynes View Post
                          virtual machines and physical machines carry the same caveats in all aspects... viri, malware, greyware, key loggers, and spyware can infect either.
                          Because security need of everyone are different, so security solutions will differ. I define it (for my self) as few major tasks:

                          a) ability 100% secured area for all activities defined as "e-banking". Maybe you have only a single word but you want 100% no one to be able to touch it or to read it.

                          b) daily full backup of all other activities - if I lose information here, it is not private; if crash here, I can restore my yesterday backup.

                          c.1) private data must be separated.
                          c.2) with 100 drivers, 100 services, 1000 settings screens, 10 log files and 10 important application which required different security settings - mistake is very easy task.
                          About c) and d): It is better to: "know what exactly is exposed on risk", instead of "all private and non private data is together, even small mistake will expose everything on risk, even I do not know what is my current risk, do I have unknown virus"


                          And now back to the main idea: will it be different with two different real PCs and few easy rules:

                          A) use "e-banking" only with secured PC - perfect AV software not really requred because it will be: OS without other software but with firewall. Firewall settings: all incoming denyed, all outgoing disabled except e-bank web site

                          B) for all other programs use the another PC and do daily backups. Changes in settings in not critical there if you do mistake.

                          If it is virtual PC, then full backup is even more easy. I can do it using host PC. Imagine how easier it could be to explain these rules to my father.

                          I know there are limitations and negatives using VMWare or different PCs. But I am thinking: if I have a single word which I want to protect, then how to do such isolation of my private data.

                          Maybe user access rights - but it is not easier and it is designed to separate users. Binaries of all installed programs will be there together with my private data - meaning mistake will expose all private data on risk.

                          Using VMWare (or similar) there are also many positives - like the difference to do protection or analyze out of the box or to do it inside the box. If you want to secure one building, you will simply protect it with guard staying outside the building.



                          Originally posted by James Haynes View Post
                          a firewall doesn't protect you from any malicious code executed via internet explorer, etc... it simply prevents certain apps from binding specified ports
                          My limited knowledge for windows and rootkits, makes me feeling like if there is virus then it could easy get round firewall. Virus could be unknown virus, or it could be new secure hole in windows and new virus. If new virus, then it could be smart enough 1) to hide, 2) to hack my firewall and 3) to prevent antivirus from updates but to show like "updates completed successfully"

                          My limited knowledge for windows tell me that even using smart key is not secure because one smart virus could detect when my smart key is ON and could imitate user activities like - new hidden IE window, new bank transaction in background.

                          Such smart virus is matter of time... to be developed, or it is already here but not attacking regular users.



                          we could sit here all day arguing linux vs. windows, but we will get nowhere. which gets you cleaner, a shower or bath?
                          It was unexpectedly, main topic is "isolation in different virual machines for better security"



                          if you really want to use something non-infectable, try a copy of knoppix or SUSElive. this keeps all information stored in volatile memory and not the hard drive. technically, it does find the windows page file and uses it for the swap partition, but you can prevent that even by disabling the swap partition at boot:
                          Live CD is more closer than different PCs. Virtual machines will be more convenient for administration and everything... More risky also - it is usability vs security.



                          Any corrections, ideas, opinions for positives and negatives - very very welcome.

                          Kind regards.

                          Comment


                          • #14
                            Re: questions about VMWare capabilities..

                            no worries guys. im not a mod and wasn't trying to police the forum. i just wanted to keep the thread cohesive in some sense.

                            if you feel safer running three virtuals, then by all means run three virtuals.

                            i think all the major points have been adequately covered in this thread... you guys have fun.

                            james
                            its easier to beg forgiveness than ask permission.
                            Give karma where karma is due...

                            Comment


                            • #15
                              Re: questions about VMWare capabilities..

                              I know nothing about VMWare except how to spell its name. What is important to remember is that a Virtual Server is the same as a physical Server (except it is virtual). A VS has the same virus, malware, security (physical and software) problems as a physical Server. (Though it is easier to physically remove a VS from the premises than an actual hardware one.)

                              Repeat after me. "Physical and Virtual Servers have the same problems. Oh crap!!"
                              1 1 was a racehorse.
                              2 2 was 1 2.
                              1 1 1 1 race 1 day,
                              2 2 1 1 2

                              Comment

                              Working...
                              X