zlacker

1. Syonyk+(OP) 2023-07-11 19:47:51
Yeah. He's probably right. When we first saw Meltdown/Spectre/etc, and he preemptively disabled hyperthreading out of an abundance of paranoia, turned out he was right...

It's all broken, all the way down. However, compromising a browser or kernel is still a lot easier than compromising a hypervisor. At least in terms of number of known exploits.

Qubes tends to make very limited use of the riskier parts of Xen anyway, though. A lot of the security notices for Xen don't apply to Qubes because of how they've configured things or what features they use.

replies(2): >>though+h3 >>snvzz+Em
2. though+h3 2023-07-11 20:05:33
>>Syonyk+(OP)
He's been right more times than I can count. Abrasive guy for sure, but he has decided not to suffer idiots. And he does what he does for himself; we are lucky beneficiaries.

Agree wrt your arguments; it's also why I write this in a browser in a VM that is not used for anything else than this sort of thing, and periodically I will roll back to a recent snapshot with a clean browser.

(I do not use Qubes, but I do like their work.)

3. snvzz+Em 2023-07-11 21:52:41
>>Syonyk+(OP)
There's also Makatea[0], an effort to build a Qubes-like around seL4.

0. https://trustworthy.systems/projects/TS/makatea
