Tony Finch <dot(a)dotat.at> wrote:
|Steffen Nurpmeso <steffen(a)sdaoden.eu> wrote:
|> And it makes it possible to run browsers in a separate KVM into
|> which you log in with X11 forwarding enabled, for very insecure
|> things, and if your machine is strong enough.
|
|Nice! If you want a less-DIY more-packaged version of this idea, have a
Indeed there was also a nice thing on VDE2 which i searched but
could not find, so i posted the second best i remembered.. ^.^
|look at
https://www.qubes-os.org/intro/
This sent me on an interesting journey, reiterating all the Xen
/ KVM / etc. things, and which lead me to Librem, and i think
i will participate in one of the next batches of a Librem 13 --
i still haven't replaced my main machine that died more than one
and half a year ago. I wanted to go Zenbook for quite some time
(ever since), but this indeed looks very nice, too.
Yes, the Xen hypervisor approach is more like the supercomputer
compartments that some of the members of this list know about.
But, you know, if possible i really want to avoid such a huge
installation as a base system, i would prefer a small NanoBSD, or
a minimal-installation Linux (because i am a loser and prefer
a very good performing base system with binary security update
support), say, nothing more than the kernel, iptables, iproute2,
VDE2, qemu (minimal), openssl and openssh. And it needs X.
And i have found out that AlpineLinux offers a Xen Dom0
installation image: likely that it ships with Python preinstalled,
and Python and me is no-no-no. (If at all avoidable, that is.)
KVM/Qemu you can drive with a few shell scripts.
You know, i am so undecided. If someone would come around with
a modern mobile phone with a quad-processor and say 8GB RAM (free)
and a "Lapdock-station" that has a good keyboard and monitor, and
the possibility to boot a "normal" operating system "directly via
KVM/xy" (when plugging in), then i really would be satisfied. I/O
performance is what counts for me -- and here SSD and a virtual
machine with dedicated partition is much better than anything
i ever had before! --, CPU power i miss only when compiling, but
having four or even eight truly parallel threads would surely make
this acceptable -- i am used to two-core 1.4 GHz Core 2...
Yet of course noone will mix the markets of phones and laptops.
And what do you mean by DIY? Isn't it a pretty common abstraction
to have several users with different privileges? It must be
doable, of course -- if i recall correctly, switching users on
a Mac freezes anything of the current user, for example, and the
graphical firewall tool either allows ssh or not, so that the
scenario shown wouldn't even work (when using the Mac-GUI-provided
ways of doing things).
--steffen