Linked by Thom Holwerda on Sat 2nd Feb 2013 01:47 UTC, submitted by rohan_p
"Whonix is a project to build an operating system that will offer the maximum privacy and anonymity possible straight out of the box. Its creator, 'Adrelanos', says the aim is to make it as hard as possible for privacy-conscious users to make missteps when it comes to remaining anonymous. 'It also provides loads of documentation and possibilities for interested users to make it even more secure,' he says." We've already covered Whonix before.
Thread beginning with comment 551225
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:2011-01-28
Laurence,
"Why are they using VirtualBox? Surely OpenVZ would be better suited for this - completely sandboxed networking and containers are harder to break out of than Virtual machines..."
What makes you say this? Now I don't know the particulars of VBox (I'm a KVM user myself), but in general within a VM the networking is completely sandboxed as well. The virtual network traffic cannot just jump onto the host's network stack unless they're bound somehow.
"(which, for the record, a skilled hacker can escape so the 'no malware' argument of theirs is a little ignorant)."
You'll have to forgive me if I have my doubts, maybe OpenVZ is more secure, but such claims deserve to be backed by hard evidence.
"...Plus containers will have a much lower footprint than VirtualBox. In fact pretty most other virtualisation solution would have a lower foot print than VBox..."
I can believe this, I had read that VirtualBox is slower than KVM (which is also VM based) due to the progressive state of virtual io drivers in KVM. I don't think your loosing that much to virtualization with the right hardware extensions enabled, maybe 5-10%, but that's an educated guess.
Member since:2012-11-01
I don't think your loosing that much to virtualization with the right hardware extensions enabled, maybe 5-10%, but that's an educated guess.
What user would see is not merely the 5-10% overhead of VM. Rather the overhead of OS inside the VM as well as other overhead of layers, which would be more than 20 or 30% in the end.
Actually, on my late 2011 MBP with i5 24Ghz, I feel like it is actually less than 50% of application running natively.
5-10% is barebone perfomance of VM against barehone perfomance is actual hardware I rekon.
RE[2]: Comment by Laurence
by Laurence on Sun 3rd Feb 2013 12:34
in reply to "RE: Comment by Laurence"
Member since:2007-03-26
What makes you say this? Now I don't know the particulars of VBox (I'm a KVM user myself), but in general within a VM the networking is completely sandboxed as well. The virtual network traffic cannot just jump onto the host's network stack unless they're bound somehow.
The issue isn't with the network breaking out, but services. VMs still borrow services from the host environment (see the example posted below). Once you've gained shell access to the host, it doesn't really matter if the network is sandboxed because you're gaining root on the host without having to touch the host's NATing.
You'll have to forgive me if I have my doubts, maybe OpenVZ is more secure, but such claims deserve to be backed by hard evidence.
Cetainly, it was bad of me not to cite any evidence:
https://www.youtube.com/watch?v=hCPFlwSCmvU
What makes you say this? Now I don't know the particulars of VBox (I'm a KVM user myself), but in general within a VM the networking is completely sandboxed as well. The virtual network traffic cannot just jump onto the host's network stack unless they're bound somehow.
Not all hardware supports extensions and paravirtualisation will always perform faster than hardware emulation. Which is where containers come into their own: you're using the host hardware and kernel but everything else is sandboxed.
You can even do snapshots and a number of other VM-centric tools with containers too.
Don't get me wrong, VMs do have their place too - I'm not trying to argue that containers are the holy grail of virtualisation (though technically not virtualisation), but I honestly do think containers are a massively underrated and overlooked tool
Edited 2013-02-03 12:37 UTC
Features
Linked by Thom Holwerda on 06/13/13 14:35 UTC
The third and final WWDC product I want to talk about is - of course - OS X 10.9 Mavericks. While iOS 7 was clearly the focus of this year's WWDC, its venerable desktop counterpart certainly wasn't left behind. Apple announced OS X 10.9 Mavericks, the first OS X release not to carry the name of a big cat.
Linked by Thom Holwerda on 06/11/13 17:07 UTC
We already talked about iOS 7 yesterday (after a night of sleep, it's only looking worse and worse - look at this, for Fiona's sake!), so now it's time to talk about the downright stunning and belly flutters-inducing new Mac Pro. As former owner and huge, huge, huge fan of the PowerMac G4 Cube - I haven't been this excited about an Apple product since, well, I would say the iMac G4. This is the Apple I used to love.
Linked by Thom Holwerda on 06/10/13 23:13 UTC
Apple held its big keynote event thing at WWDC earlier this evening, but since I was away with friends I've had to read up on it later in the evening. The company announced iOS 7, OS X 10.9 Mavericks, and they gave a preview of the new Mac Pro. Especially the Mac Pro impressed me, and while iOS 7's new Holo/Metro-inspired theme looks messy and garish to me, I do commend Apple for finally breaking the mold. This news item will focus on iOS 7 - I'll dive into the Mac Pro and OS X 10.9 tomorrow (it's late here now).
Linked by Thom Holwerda on 06/08/13 14:57 UTC
And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?
Linked by Thom Holwerda on 06/07/13 11:40 UTC
This story is getting bigger and bigger. Even though most Americans probably already knew, it is now official: the United States government, through its National Security Agency, is collecting the communications and data of all American citizens, and of non-Americans using American services, through a wide collaboration with the large companies in technology, like Apple, Google, Microsoft, Facebook, and so on. Interestingly enough, the NSA itself, as well as the US government, have repeatedly and firmly denied this massive spying on Americans and non-Americans took place at all.
Linked by Thom Holwerda on 06/04/13 12:45 UTC
Ah, patents - the never-ending scourge of the technology industry. Whether wielded by companies who don't actually make any products, or large corporations who abuse them because they can't compete in the market place or because they're simply jerks, they do the industry a huge disservice and are simply plain dangerous. According to The Wall Street Journal (circumvention link), president Obama is about to take several executive actions to address patent trolls - which may seem like a good idea, but I am very worried that all this will do is strengthen the positions of notorious patent system abusers such as Apple and Microsoft.
Linked by nfeske on 05/31/13 10:12 UTC
With version 13.05, the developers of the Genode OS Framework take measures to ensure that Genode continues to scale well with a growing number of users and the steadily broadening platform coverage. Further highlights are the improved SoC support for Exynos 5, OMAP4, Raspberry Pi, i.MX, and new components for realizing headless systems.
Linked by Thom Holwerda on 05/29/13 16:59 UTC
At the D11 conference, Apple CEO Tim Cook once again took the stage to be interviewed by Walt Mossberg and Kara Swisher. While most of the interview can be replicated by picking and reading 10 random Apple fanblog stories - there were still a number of very interesting things that warrant some closer scrutiny.
Linked by Thom Holwerda on 05/24/13 17:26 UTC
So, the Xbox One disaster continues. Microsoft's policy for dealing with the used games market has reportedly leaked - and it's a clear and direct attack to destroy the used games market. Prices for used games will be set at the retail value of a new game, and retailers have to hook into Microsoft's computer systems and comply with Microsoft's terms and conditions.
Linked by Thom Holwerda on 05/21/13 21:38 UTC
At an event earlier today, Microsoft unveiled the next Xbox - the third model, but confusingly named Xbox One. The big focus was TV, integrated Kinect, and all the other stuff we all expected to be forced down our throats. I think it took them 25 minutes to actually come to what should be the core of the story: gaming. Nothing groundbreaking in the gaming department, except for how Microsoft intends to handle the used games market and borrowing games from friends: pay up, buddy!More Features »
Sponsored Links
Member since:
2007-03-26
I didn't spot the first item (it was over Christmas so didn't spend much time on news sites - or even online)
Anyway, re Whonix:
Why are they using VirtualBox? Surely OpenVZ would be better suited for this - completely sandboxed networking and containers are harder to break out of than Virtual machines (which, for the record, a skilled hacker can escape so the "no malware" argument of theirs is a little ignorant). Plus containers will have a much lower footprint than VirtualBox.
In fact pretty most other virtualisation solution would have a lower foot print than VBox, so that would have been my last choice of software to use (not that there's anything wrong with VirtualBox for home use, but I wouldn't recommend having an OS dependant on two VBox VMs running constantly if you actually want said OS not to perform like a dog on modest hardware.