by Always_Anon 917 days ago
Why not just do all that in a throwaway container?

Hardware virtualization is much more secure.

Not any more it isn't. Rootless non-root containers are about as secure as VMs today.

Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself: https://en.wikipedia.org/wiki/Blue_Pill_(software)

How is it about the containers?

>Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself:

Have you been living under a rock [0]?

>How is it about the containers?

Container security aka OS virtualization has been quite secure for a while now.

[0] https://www.csoonline.com/article/551445/significant-virtual...

> Have you been living under a rock [0]?

I think you don't understand: Qubes relies on hardware, not software virtualization: https://en.m.wikipedia.org/wiki/Hardware-assisted_virtualiza...

I think you don't understand. Qubes relies on software virtualization in conjunction with hardware-assisted virtualization instruction sets. The aforementioned vulnerability existed in Qubes Xen.