[mricon]

I'm sorry you all have to read just the slide deck. It's an hour-long presentation and a lot of content is simply not in the deck. :( Unfortunately, every time I've presented it, the talk was not recorded -- hopefully I'll eventually present it somewhere else that will capture it for me.

Additionally, here's a small op-ed piece that is supposed to go with it: http://mricon.com/i/airbags-and-steel-frames.html

[nickpsecurity]

It's a good presentation with many good points outside the horrid formatting. Just turn it into a PDF with slides for goodness sakes. Write key pages on a piece of paper for audience questions where you have to go back. Should work fine. :)

Btw, one thing worth correcting is false claim that QubesOS was or is only attempt at workstation security. I've evaluated almost a dozen over past 10 years with some still existing. List those here:

https://news.ycombinator.com/item?id=11654680

You really need to look up separation kernels as isolating most critical stuff in a dedicated partition protected with 4-12kloc kernel is one of strongest approaches. seL4 and Muen are examples with GenodeOS an example of FOSS attempt to do a Nizza-like architecture with strong foundation and best-of-breed components (esp Nitpicker GUI). High-assurance security is moving forward with hardware-software architectures with one maybe getting SOC release (plus source code) in 1-2 years. Yet, our prior work with separation kernels/VMM's plus safe code (esp SPARK Ada or C w/ Astree Analyzer) for trusted components is still stronger than any crap mainstream FOSS, VMware, etc are making. They rarely learn from the past.

Note: Email me if you want more examples of past and current high-assurance work. I have collected them for most focus areas with papers, prototypes and/or products.

[mricon]

> Just turn it into a PDF with slides for goodness sakes.

Hey, I'm not the ones who linked to slides.com. :) The PDF version is linked off the main conference page: http://kernsec.org/files/lss2015/giant-bags-of-mostly-water....

> Btw, one thing worth correcting is false claim that QubesOS was or is only attempt at workstation security.

You must look at my statements in the context of presenting this at the Linux Security Summit. You know a lot more about this than me, obviously, but from what I can tell, each of the other solutions you mention run custom non-Linux microkernels that provide virtualization to other consumer OSes. I'm ready to be educated here, but I believe I didn't misstate that QubesOS was one of the first pure-Linux mainstream attempts at workstation security through compartmentalization.

[mrmondo]

Oh, you're a legend, no more reveal.js thanks for the link!

EDIT: It was 28MB so I compressed it down to 1.7MB here (image quality wont be as good but meh): https://www.dropbox.com/s/8bu3rkj6pjbneiv/giant-bags-of-most...

[nickpsecurity]

Re slides. Oh, I must have misread meaning of one of your comments. I got a PDF to share now. Good. :)

Re "one of the first pure-Linux mainstream attempts"

Damn, I'd have had you if you didn't say mainstream. This statement is so well-worded I might have to agree with it. Sad part, though, is it's because mainstream rarely accepts anything more secure, esp high integrity/security. Rust and QubesOS are among a tiny set of exceptions.

[rdl]

If you want to give the talk at the CloudFlare office in SF or London (can get a couple other speakers -- maybe about network services), we could provide food for attendees and either free for 100-300 people or have people make a donation to Linux Foundation. Getting it professionally recorded so you could put it online somewhere would be easy; I can give you the files, or we could find a place to host them.

[mricon]

Thank you very much for the offer. I'm not sure I can easily take you up on that, as SF and London are about equally far from Montreal. I'll try to see if perhaps I can do an on-air hangout.