On Wed, Apr 4, 2012 at 23:46, intrigeri <intrig...@boum.org> wrote:
> Maybe your conclusions on VM speed are simply too tightly bound
> to QEMU?

That's probably the case — QEMU is much slower than VMware and VirtualBox even when virtualization extensions are available. The reason I only tested QEMU is because it seemed like the only lightweight option (a few MiB overall added to the image, if I remember right).

> In the scenario this thread is about, I don't think it's that hard to
> find a way of splitting the memory that allows the user to perform
> their task, without being all too wasteful:
>
> Obviously, this gets much harder for applications VM.

True, my use case was using a VM for running the unsafe browser, not as a thin layer for the whole system.

> These abstractions are probably the only reason why I think this
> approach would somehow make sense for Tails needs (even if I don't
> know if we will go this way in the end).

But if such abstractions are the target, perhaps there are better alternatives than running everything in a VM? E.g., making the user who establishes network connections different from the main user, and preventing the main user from accessing any network information.

> This is hardly a technical question. It's obvious to me how the way
> you ask it, and the way I am answering, say much about how Tails and
> Liberté Linux differ in their approach of non-technical matters, in
> the ways we think our relationship to users.

I actually view this as a technical question (Liberté Linux does not assume technically knowledgeable users either). The user is expected to keep private information on the system (remember that Liberté had persistence from the beginning, but this is often true even without persistence). If the system is exploited, finding out the computer's MAC / IP addresses will most likely be the least of the user's problems. The only case where using a VM is justified then, in my opinion, is for running specific untrusted applications inside it (application VM above).

This is different from, e.g., setting up a hidden service server, where you expect it to be eventually exploited, and take care to not keep any private or identifying information on it.

I should also mention here that I never got an answer on this list about whether Tor is actually designed to withstand active attacks from within the client. It could be that running everything inside a VM doesn't even help against discovering the externally exposed IP of an exploited VM guest by some kind of active network probing attack.

> But I absolutely don't
> think that "learning how to choose, install and configure
> virtualization software, and how to setup a Tails or Liberté VM in
> there" belongs to the kind of knowledge that empowers people to make
> their own security decisions properly.

Well, Liberté is distributed as an .ova bundle as one of the download options — setting it up is as simple as opening the file in VMware / VirtualBox. I devoted substantial efforts to making the .ova “just work” for most users (OVF standard vs. reality is somewhat of a mess currently). Providing instructions for installing a “good” host OS should be enough in this case, I think.

> Because, while people can run Tails in a VM by themselves already,
> doing this certainly does not give them the same benefits as an
> integrated, pre-configured "Live amnesic host OS + Tor routing VM +
> desktop VM" Tails would:

I don't disagree, I just don't think that this advantage is important enough to trump the inefficiency inherent in running everything in a VM for everyone.

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk