> On 27 Sep 2015, at 18:01, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
>
>> Quernus <m...@quernus.co.uk> wrote:
>>> On 27 Sep 2015, at 16:10, Stuart Henderson <s...@spacehopper.org> wrote:
>>>
>>>> On 2015-09-27, Quernus <m...@quernus.co.uk> wrote:
>>>>
>>>> I actually run OpenBSD in a VM on FreeBSD using bhyve which gives me the best
>>>> of both worlds.
>>>
>>> This has an impact on security, of course.
>>
>> In what way? If you mean the hypervisor does not provide adequate separation
>> between VMs then that is not really an issue as I control the host and all
>> VMs. If any are compromised then I have bigger issues.
>
> We don't need to make precise claims about which parts will break, nor
> how.

I’m not asking that. I was just curious as to what the basis was for the
‘this has an impact on security’ statement with no context or backup of
the statement.

> The problem here is the process of gluing all-the-parts together
> without evaluating what is going on.  You need not talk about big
> issues once things go wrong -- you do have big issues right from the
> start, just like everyone else.
>
> Once you hook a system up to the internet, it is the internet that is
> trying to push the buttons of the system.

Indeed, hence the statement ‘This has an impact on security, of course’
could be applied to attaching any software or hardware of any kind to any kind
of network. Writing this email ‘has an impact on security, of course’.
Opening my front door in the morning ‘has an impact on security, of course’.
It is a uselessly vague statement on its own.

> By combining many disparate pieces together, you require all those
> layers of software to make the right decisions, and never make wrong
> decisions.  You require all the programmers to be largely infallible.
>
> You are testing all the parts at once.
>
> There's a general rule which may apply here:
>
>    More software, more bugs.
>
> It is clear that your priority is on gaining more operational
> features, rather than greater quality.

Yup. Alas, utopia doesn’t exist. We all have to make compromises and
prioritise our requirements and trade-offs. For me, this is a very nice blend
of security, manageability and convenience for my use-case. YMMV.

> I know lots of people are doing the same.  Anyways, good luck with it
> long term.

Thanks! I’m blogging about how it is turning out. So far seems to be working
pretty nicely.

-Matt

—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE

Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
