Marius Schwarz wrote:
>  From guest to host:  you need to trust the host not to spy on you, your 
> data, connection targets aso.

Correct. This is a fundamental principle. Users are at the mercy of the
sysadmin. Programs are at the mercy of the operating system. Virtual
machines are at the mercy of the host operating system. "The cloud" is
just other people's computers, and those people have the power to spy
on what you do on their computers.

The processor vendors market so-called "secure enclaves" that are
supposed to make it so that the host operating system can't see what a
guest program does. Of course that means only that the vendor's
firmware is the true host, so now the "host" and the guest are both at
the mercy of the unfree and secretive firmware. And there has been
news about firmware bugs that let attackers bypass the protection,
rendering the enclaves useless.

The solution is to consider security before you rent other people's
computers, and keep secrets and sensitive data on your own hardware.

Björn Persson
