[Freedombox-discuss] Policy questions

Jonas Smedegaard dr at jones.dk
Sun May 8 15:59:54 UTC 2011


On 11-05-08 at 04:02pm, Rob van der Hoeven wrote:
> > > > Sure, users are free to whatever with their FreedomBoxes - it is 
> > > > Free Software.
> > > 
> > > People will install other non FreedomBox approved software. It 
> > > would be nice if the FreedomBox has a software architecture that 
> > > makes this as safe as possible.
> > 
> > FreedomBox is a Debian system with only FreedomBox-optimized 
> > software installed.
> > 
> > Our users are non-technical end-users.  They will only install 
> > FreedomBox-optimized software on their FreedomBox.  Because that is 
> > what we tell them is safe.
> 
> What - no naughty users? ;-) Or companies that will try to persuade 
> users to install their "app" on the FreedomBox?

Lots of naughty users.  They are just not called end-users but hackers.



> > > > You expect cloud companies to have done research in running 
> > > > virtualization on crippled hardware without dedicated RNG or 
> > > > even CPU virtualization support?
> > > > 
> > > 
> > > Yes. Cloud companies are very security aware. CPU virtualization 
> > > features are mostly there to improve performance, not security. 
> > > The hardware of the FreedomBox is not crippled hardware. It is 
> > > modest hardware for modest tasks. Cloud companies have more 
> > > powerful hardware, but on this hardware they are running far more 
> > > VM's. From my own experience I would say that a VM on my 
> > > FreedomBox has roughly the same performance as a cloud VM.
> > 
> > 
> > Well, you could argue that lack of a hardware Random Number 
> > Generator (RNG) is related only to performance, not security, if 
> > always using /dev/random (not /dev/urandom) and tolerating that the 
> > system freezes if the random pool is depleted.  But I dare say that 
> > is a lousy argument.
> 
> But most (non virtual) systems have no hardware RNG. I am using LXC as 
> virtualization technology. LXC shares the kernel between the VM's. 
> Does this mean I am getting "random" problems?


What I believe is that...

  * virtualization == less ability to gather randomness
  * lack of hardware RNG == less ability to generate randomness
  * modest hardware == fewer sloppy daemons producing randomness

I.e. each factor raises the risk of depleting the random pool.


So yes, if you use virtualization *and* lack hardware RNG *and* do not 
use whatever powerful resources your machine provides - i.e. only run a 
similar amount of apps, similarly slow and simplistic, as you would be 
capable of running on a tiny little Plug device - then I believe you are 
at equally high risk of getting "random" problems as Plug devices would.

Most likely even an identical setup on more powerful hardware would 
cause additional disk access and network access and other activities 
helping fill the random pool.


I am no expert here, so please do correct me if I am wrong.  I just 
suspect that the odd *combination* of high-end and low-power computing 
is unlikely to have been studied by big-iron companies.


> > > Diaspora is just an example. The problem here is that in order to 
> > > mature some programs that we want to have on our FreedomBoxes need 
> > > our platform to mature.
> > 
> > Yes. I agree.
> > 
> > But virtualization is an extreme, and you use somewhat the opposite 
> > extreme as argument for your approach.  I then point out that 
> > instead of fighting extremes with extremes, I find a more modest 
> > approach more sensible.
> 
> I am trained as an engineer. I design systems with the "worst case" in 
> mind.
> 
> > I dare say that your very approach of running virtualization on 
> > "modest hardware" is experimental itself.  Quite interesting, but 
> > still.
> 
> Virtualization is widely used by the centralized services that 
> dominate the internet today.

yes, but virtualization *COMBINED* with modest hardware?


> There are good reasons for this (not only security). You may call my 
> approach experimental (no problem with that), the question is: is it 
> the right approach? I believe it is, but I also believe a system should 
> be as simple as possible (but not simpler).

What I call experimental is applying big-iron concepts like 
virtualization to tiny computing.



> I am looking forward to the official FreedomBox architecture to 
> compare with mine.

This is a do-o-cracy: Right now _you_ are the main force shaping the 
"official FreedomBox"!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
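The concern in the reply above (a random pool that runs dry, so that anything reading /dev/random stalls) can be watched on the box itself rather than argued about. The script below is an added example, not code from this thread or from the FreedomBox project: a POSIX shell check that reads the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail and reports whether it sits below a threshold. The file-path argument (so the check can also be run against a constructed sample file), the 256-bit threshold and the five-sample loop are my choices, not anything the thread specifies. Because LXC guests share the host kernel, as Rob notes, the counter is the same in every container and on the host.

```shell
#!/bin/sh
# Added example (not from the thread or the FreedomBox project): inspect the
# kernel's entropy pool and report whether /dev/random readers risk blocking.
# Linux exposes the current estimate (in bits) in
# /proc/sys/kernel/random/entropy_avail and the pool size in
# /proc/sys/kernel/random/poolsize.

# entropy_level FILE
#   Print the integer stored in FILE (the live entropy_avail counter, or a
#   constructed sample file when testing). Fails silently if the file is
#   missing, empty or non-numeric.
entropy_level() {
    [ -r "$1" ] || return 1
    read -r n < "$1" || return 1
    case "$n" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$n"
}

# entropy_verdict FILE THRESHOLD
#   Print "ok" if the pool estimate is at least THRESHOLD bits, "low"
#   otherwise (exit 1), and "unknown" (exit 2) if the counter is unreadable.
entropy_verdict() {
    n=$(entropy_level "$1") || { echo unknown; return 2; }
    if [ "$n" -ge "$2" ]; then
        echo ok
    else
        echo low
        return 1
    fi
}

# Run as "sh entropy-check.sh --live" to sample the real counter five times.
# A pool that hovers near zero while a service generates keys is the
# "random problems" symptom discussed in the thread.
if [ "${1:-}" = "--live" ]; then
    f=/proc/sys/kernel/random/entropy_avail   # assumed Linux path
    i=0
    while [ "$i" -lt 5 ]; do
        printf '%s entropy_avail=%s verdict=%s\n' "$(date +%T)" \
            "$(entropy_level "$f" || echo '?')" "$(entropy_verdict "$f" 256)"
        i=$((i + 1))
        sleep 1
    done
fi
```

Run it with --live on the Plug (or inside an LXC guest) while a daemon is generating keys or TLS sessions; a counter that stays near zero is the depletion the thread worries about. Two caveats when reading the numbers: on Linux 5.6 and later /dev/random no longer blocks once the generator has been seeded, so on those kernels a low counter is informational rather than a freeze risk; and where a hardware source or enough disk and network activity is lacking, Debian's rng-tools or haveged packages are the usual way to keep the pool fed.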