Question to Torvalds

By: dmcq (dmcq.delete@this.fano.co.uk), January 17, 2021 8:36 am
Room: Moderated Discussions
Adrian (a.delete@this.acm.org) on January 17, 2021 7:46 am wrote:
> dmcq (dmcq.delete@this.fano.co.uk) on January 17, 2021 5:39 am wrote:
> > Jukka Larja (roskakori2006.delete@this.gmail.com) on January 16, 2021 8:37 pm wrote:
> > > dmcq (dmcq.delete@this.fano.co.uk) on January 16, 2021 1:50 am wrote:
> > > > Jukka Larja (roskakori2006.delete@this.gmail.com) on January 15, 2021 8:04 pm wrote:
> > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 15, 2021 1:58 pm wrote:
> > > > > > Anne O. Nymous (not.delete@this.real.address) on January 15, 2021 11:19 am wrote:
> > > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 15, 2021 7:27 am wrote:
> > > > > > > > Jukka Larja (roskakori2006.delete@this.gmail.com) on January 15, 2021 5:57 am wrote:
> > > > > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 14, 2021 11:13 am wrote:
> > > > > > > > > > Jörn Engel (joern.delete@this.purestorage.com) on January 14, 2021 10:42 am wrote:
> > > > > > > > > > > dmcq (dmcq.delete@this.fano.co.uk) on January 14, 2021 7:26 am wrote:
> > > > > > > > > > > >
> > > > > > > > > > > > I'm basically in agreement with Maynard about this. I've never had anywhere near as many customers as
> > > > > > > > > > > > Apple :-) but even so a major consideration for me has always been the support costs.
> > > > > > > > > > >
> > > > > > > > > > > You are considering a different question. Your question is "Why would Apple
> > > > > > > > > > > want to...". My question is "Why would I (or some other user) want to...".
> > > > > > > > > > >
> > > > > > > > > > > Of course Apple doesn't care whether I, Linus or the other twelve people buy an extra machine
> > > > > > > > > > > to run Linux on it. Doesn't invalidate our reasons to prefer bare metal over hypervisors.
> > > > > > > > > >
> > > > > > > > > > Eveyone who writes software has support costs unless it is just a private hobby tinkering
> > > > > > > > > > around with their own machine.This thread is about gaining perhaps 3% performance if things
> > > > > > > > > > work out okay and incurring the trouble of writing ones own drivers which might go out
> > > > > > > > > > of date in the next iteration. And for what from the point of view of a user?
> > > > > > > > >
> > > > > > > > > You presume that MacOS is better OS than Linux (for whatever value of "better").
> > > > > > > > >
> > > > > > > > > -JLarja
> > > > > > > >
> > > > > > > > I presume only that a good hypervisor can be built which splits off what is needed to
> > > > > > > > be done by the operating system and the firmware that is more dependent on the specific
> > > > > > > > version of the hardware. And that a lot of people are interested in security.
> > > > > > > >
> > > > > > >
> > > > > > > How does adding more between the bare metal and the OS add
> > > > > > > to security? Sure a hypothetical flawless hypervisor
> > > > > > > might do the trick, but how is that any more secure than an equally hypothetical flawless OS? This is not
> > > > > > > an argument why apple should or should not consider this just a question about your argument ;)
> > > > > > >
> > > > > > >
> > > > > >
> > > > > > If anyone can stick in a new operating system that has full access to everything there is no security.
> > > > >
> > > > > Just as well anyone can stick in a new hypervisor. I don't really see what's the difference between
> > > > > hypervisor and OS in this argument. Or is the point just that a limited system where user can't do stupid
> > > > > things is more secure? Wouldn't an OS that only allows running a browser then be even better?
> > > > >
> > > > > -JLarja
> > > >
> > > > I wasn't advocating that Chromebook solved everyone's problems, but yes a more limited system that
> > > > doesn't allow a person access to everything is more secure and there's lots of examples of that.
> > >
> > > Yeah, so it's not really about running under hypervisor or not. It's one way to limit a system, but
> > > not particularly good. If I run Windows 2000 in VM, it will be insecure. VM may prevent malware from
> > > messing with other VMs, but if my goal is running Windows 2000 (not running Windows 2000 along with
> > > other OSes), it doesn't really change anything (perhaps makes "re-installing" Windows easier).
> > >
> > > -JLarja
> >
> > No that is not what I said at all. just running a secure system on top of an
> > insecure system is a waste of time. And bare metal is insecure. If it is easy
> > for users to get to bare metal then anyone can compromise the system easily.
>
>
> I agree that the majority of computer users would not know how to take care of the security of their
> computers, so for them a computer that limits what they can do might be the right choice.
>
>
> However for my personal use, only bare metal has a chance to be secure, any layer above
> that which cannot be controlled by myself is just a Trojan horse that I cannot accept.
>
> I use only computers that do what I tell them to do and I find it unacceptable
> for any company to have any ability to make any decision about my own devices.
>
>
> That is why I will never use again an Apple device, and I am already super-annoyed about
> the amount of hideous workarounds that exist for patching platform control or remote
> administration features on the Intel & AMD systems, e.g. System Management Mode, Intel
> ME, AMD PSP, and even BMC's used for IPMI, which are nonetheless much more open.
>
>
> All such workaround features have appeared only due to the unwillingness of
> Microsoft to include equivalent features in the Windows operating systems.
>
> With a decent operating system, unlike with Windows, there has never been any need for extra
> hardware support for remote management, e.g. ME, PSP, BMC etc. I have managed remotely hundreds
> of computers without any need for extra hardware besides the standard CPU.
>
> The only thing that was missing would have been a BIOS software feature, e.g. a standardized API,
> to allow the remote reconfiguration of the BIOS settings, which is impossible in standard PCs without
> using IPMI/ME etc., and not all this undocumented crap that cannot be disabled with certainty,
> especially in the case of some Intel devices where the ME remote management can be accessed through
> WiFi, without the need of physical connections and possibly from another building.
>
> Also SMM was an extremely stupid workaround for the fact that Microsoft was not willing to take responsibility
> for power management and other such tasks, and now it is very difficult to find out what exactly a BIOS
> does concurrently with your programs and whether it does not interfere with what you want to do.

You really should write your own spreadsheet too
< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
Question to TorvaldsPaul2020/11/14 03:08 AM
  Question to TorvaldsLinus Torvalds2020/11/14 01:12 PM
    Question to Torvaldsnever_released2020/11/14 04:12 PM
      Question to TorvaldsDoug S2020/11/15 08:55 AM
        Question to Torvaldsnever_released2020/11/15 11:31 AM
          Question to TorvaldsDoug S2020/11/16 09:46 AM
            Question to TorvaldsMaxwell2020/11/16 10:49 AM
              Question to Torvaldsnever_released2020/11/16 03:25 PM
                Question to Torvaldslyra642020/11/23 10:23 AM
    Question to Torvaldsme2020/11/22 11:11 AM
    Question to TorvaldsJames2020/11/25 05:59 AM
    Question to Torvaldsbakk2021/01/09 02:35 PM
      Question to TorvaldsMaynard Handley2021/01/09 03:12 PM
        He asked disingenuously (NT)JS2021/01/09 07:33 PM
          He asked disingenuouslyMaynard Handley2021/01/10 09:51 AM
            He asked disingenuouslyJS2021/01/10 02:50 PM
              He asked disingenuouslyMaynard Handley2021/01/10 05:02 PM
        Question to Torvaldsanon2021/01/10 06:01 PM
          Question to TorvaldsMaynard Handley2021/01/10 06:59 PM
            Question to Torvaldsanon2021/01/11 08:56 AM
              Question to TorvaldsJukka Larja2021/01/12 04:50 AM
        Question to Torvaldsanon22021/01/10 06:21 PM
          Question to TorvaldsMaynard Handley2021/01/10 07:15 PM
            Question to TorvaldsMaynard Handley2021/01/10 07:22 PM
            Question to Torvaldsanon22021/01/10 07:47 PM
              Question to TorvaldsMaynard Handley2021/01/10 08:28 PM
                Question to Torvaldsanon22021/01/10 09:36 PM
        Question to TorvaldsJukka Larja2021/01/11 05:21 AM
          Question to TorvaldsMaynard Handley2021/01/11 09:33 AM
            Question to Torvaldsanon22021/01/11 09:40 PM
            Question to TorvaldsJukka Larja2021/01/12 05:05 AM
              Question to TorvaldsMaynard Handley2021/01/12 08:42 AM
                Question to TorvaldsJukka Larja2021/01/12 10:15 AM
                  Question to TorvaldsMaynard Handley2021/01/12 11:07 AM
                    Question to TorvaldsJukka Larja2021/01/13 05:24 AM
                      Question to TorvaldsMichael S2021/01/13 07:45 AM
                    Question to TorvaldsUngo2021/01/13 06:34 PM
        Question to TorvaldsJörn Engel2021/01/13 08:49 AM
          Question to TorvaldsEtienne Lorrain2021/01/14 02:02 AM
            Question to Torvaldsdmcq2021/01/14 07:26 AM
              Question to TorvaldsJörn Engel2021/01/14 10:42 AM
                Question to Torvaldsdmcq2021/01/14 11:13 AM
                  Question to TorvaldsJukka Larja2021/01/15 05:57 AM
                    Question to Torvaldsdmcq2021/01/15 07:27 AM
                      Question to TorvaldsAnne O. Nymous2021/01/15 11:19 AM
                        Question to Torvaldsdmcq2021/01/15 01:58 PM
                          Question to TorvaldsJukka Larja2021/01/15 08:04 PM
                            Question to Torvaldsdmcq2021/01/16 01:50 AM
                              Question to TorvaldsJukka Larja2021/01/16 08:37 PM
                                Question to Torvaldsdmcq2021/01/17 05:39 AM
                                  Question to TorvaldsAdrian2021/01/17 07:46 AM
                                    Question to Torvaldsdmcq2021/01/17 08:36 AM
                                  Question to TorvaldsJukka Larja2021/01/17 08:35 AM
                                    Question to Torvaldsdmcq2021/01/17 09:01 AM
                                      Question to TorvaldsJukka Larja2021/01/17 09:52 AM
            Question to TorvaldsDoug S2021/01/14 09:37 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell avocado?