Question to Torvalds

By: Adrian (a.delete@this.acm.org), January 17, 2021 8:46 am
Room: Moderated Discussions
dmcq (dmcq.delete@this.fano.co.uk) on January 17, 2021 5:39 am wrote:
> Jukka Larja (roskakori2006.delete@this.gmail.com) on January 16, 2021 8:37 pm wrote:
> > dmcq (dmcq.delete@this.fano.co.uk) on January 16, 2021 1:50 am wrote:
> > > Jukka Larja (roskakori2006.delete@this.gmail.com) on January 15, 2021 8:04 pm wrote:
> > > > dmcq (dmcq.delete@this.fano.co.uk) on January 15, 2021 1:58 pm wrote:
> > > > > Anne O. Nymous (not.delete@this.real.address) on January 15, 2021 11:19 am wrote:
> > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 15, 2021 7:27 am wrote:
> > > > > > > Jukka Larja (roskakori2006.delete@this.gmail.com) on January 15, 2021 5:57 am wrote:
> > > > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 14, 2021 11:13 am wrote:
> > > > > > > > > Jörn Engel (joern.delete@this.purestorage.com) on January 14, 2021 10:42 am wrote:
> > > > > > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 14, 2021 7:26 am wrote:
> > > > > > > > > > >
> > > > > > > > > > > I'm basically in agreement with Maynard about this. I've never had anywhere near as many customers as
> > > > > > > > > > > Apple :-) but even so a major consideration for me has always been the support costs.
> > > > > > > > > >
> > > > > > > > > > You are considering a different question. Your question is "Why would Apple
> > > > > > > > > > want to...". My question is "Why would I (or some other user) want to...".
> > > > > > > > > >
> > > > > > > > > > Of course Apple doesn't care whether I, Linus or the other twelve people buy an extra machine
> > > > > > > > > > to run Linux on it. Doesn't invalidate our reasons to prefer bare metal over hypervisors.
> > > > > > > > >
> > > > > > > > > Everyone who writes software has support costs unless it is just a private hobby tinkering
> > > > > > > > > around with their own machine. This thread is about gaining perhaps 3% performance if things
> > > > > > > > > work out okay and incurring the trouble of writing one's own drivers which might go out
> > > > > > > > > of date in the next iteration. And for what from the point of view of a user?
> > > > > > > >
> > > > > > > > You presume that MacOS is better OS than Linux (for whatever value of "better").
> > > > > > > >
> > > > > > > > -JLarja
> > > > > > >
> > > > > > > I presume only that a good hypervisor can be built which splits off what is needed to
> > > > > > > be done by the operating system and the firmware that is more dependent on the specific
> > > > > > > version of the hardware. And that a lot of people are interested in security.
> > > > > > >
> > > > > >
> > > > > > How does adding more between the bare metal and the OS add
> > > > > > to security? Sure a hypothetical flawless hypervisor
> > > > > > might do the trick, but how is that any more secure than an equally hypothetical flawless OS? This is not
> > > > > > an argument why Apple should or should not consider this, just a question about your argument ;)
> > > > > >
> > > > > >
> > > > >
> > > > > If anyone can stick in a new operating system that has full access to everything there is no security.
> > > >
> > > > Just as well anyone can stick in a new hypervisor. I don't really see what's the difference between
> > > > hypervisor and OS in this argument. Or is the point just that a limited system where user can't do stupid
> > > > things is more secure? Wouldn't an OS that only allows running a browser then be even better?
> > > >
> > > > -JLarja
> > >
> > > I wasn't advocating that Chromebook solved everyone's problems, but yes a more limited system that
> > > doesn't allow a person access to everything is more secure and there's lots of examples of that.
> >
> > Yeah, so it's not really about running under hypervisor or not. It's one way to limit a system, but
> > not particularly good. If I run Windows 2000 in VM, it will be insecure. VM may prevent malware from
> > messing with other VMs, but if my goal is running Windows 2000 (not running Windows 2000 along with
> > other OSes), it doesn't really change anything (perhaps makes "re-installing" Windows easier).
> >
> > -JLarja
>
> No, that is not what I said at all. Just running a secure system on top of an
> insecure system is a waste of time. And bare metal is insecure. If it is easy
> for users to get to bare metal then anyone can compromise the system easily.


I agree that the majority of computer users would not know how to take care of the security of their computers, so for them a computer that limits what they can do might be the right choice.


However, for my personal use, only bare metal has a chance to be secure; any layer above that which cannot be controlled by myself is just a Trojan horse that I cannot accept.

I use only computers that do what I tell them to do and I find it unacceptable for any company to have any ability to make any decision about my own devices.


That is why I will never again use an Apple device, and I am already super-annoyed about the amount of hideous workarounds that exist for patching platform control or remote administration features on the Intel & AMD systems, e.g. System Management Mode, Intel ME, AMD PSP, and even BMCs used for IPMI, which are nonetheless much more open.


All such workaround features have appeared only due to the unwillingness of Microsoft to include equivalent features in the Windows operating systems.

With a decent operating system, unlike with Windows, there has never been any need for extra hardware support for remote management, e.g. ME, PSP, BMC etc. I have remotely managed hundreds of computers without any need for extra hardware besides the standard CPU.

The only thing that was missing would have been a BIOS software feature, e.g. a standardized API, to allow the remote reconfiguration of the BIOS settings, which is impossible in standard PCs without using IPMI/ME etc., and not all this undocumented crap that cannot be disabled with certainty, especially in the case of some Intel devices where the ME remote management can be accessed through WiFi, without the need of physical connections and possibly from another building.

Also SMM was an extremely stupid workaround for the fact that Microsoft was not willing to take responsibility for power management and other such tasks, and now it is very difficult to find out what exactly a BIOS does concurrently with your programs and whether it does not interfere with what you want to do.