> At 12:03 PM 10/24/2007 -0600, Theo de Raadt wrote:
>
> > > Anything we can do to increase security, *including* setting up VMs (of any
> > > flavor) is an improvement [that also increased hardware utilization].
> >
> >This last sentence is such a lie.
>
> That depends on your viewpoint. There certainly may be some issues at the
> OS level (which have been mentioned previously), however the majority of VM
> applications benefit from security *isolation*, which has nothing to do
> with security issues of the underlying OS, and that was the viewpoint I was
> communicating.

The ends justify the means, even if the means don't actually perform as you declare?

> For example, say you have three departments within a company: Marketing,
> Development, Production. Allowing each department to maintain their own
> server instance allows each department to have their own users, home
> directory configuration, samba (possibly) network config & authorization,
> separate file/print sharing domain, etc.
>
> That is simply not doable with a single OS, yet with a reasonable priced of
> h/w all can be maintained on one platform.
>
> The security benefits are at the application level, *NOT* at the OS level.

This has NOTHING to do with security. You are just saving pennies. You did
zero actual security assessment, so you are just talking out of your ass.

> >If people were saying:
> >
> >    "Yes, it increased hardware utilization, and the nasty
> >     security impact might be low"
> >
> >it would be fine.
> >
> >But instead we have many uneducated people saying:
> >
> >    "Yes, it increased hardware utilization, and it improved security
> >     too".
> >
> >And that's complete and utter bullshit.
>
> Perhaps more correctly:
>
>    "Yes, it increased hardware utilization, and it improves
>     security/isolation between different work domains"
>
> However few outside this community would have any comprehension of the
> difference.

You're so full of it. There is no security/isolation. You are making it up
out of thin air to justify the pennies you saved. It's a total lie.