
Interesting OS security project: spectrum-os.org

* each app runs in a separate KVM container
* each VM is generated by a derivation
* graphics output is composited together via wayland/virtio

The idea is not too dissimilar to
, with the following main differences:

* Xen -> KVM
* Fedora/Debian ->
* Xorg -> wayland/virtio

You can read more about the details here: spectrum-os.org/design.html

@f2k1de Spectrum is still a bit of a work-in-progress, and I think the recent focus has been more towards getting core functionality working, so I don't know how much attention, if any, has been paid to the resource consumption of the system.

@f2k1de @stick @pbb Of course it is not. Since the machines are still full-blown VMs, each one needs the resources of a regular OS (init system, kernel, scheduler and so on).

@tuxflo @f2k1de @stick Does Xen support something similar to samepage merging? With Spectrum you could, with a security tradeoff of course, enable samepage merging on the host. Also, if the new virtio filesystem driver is used, the VMs will be able to share memory regions for filesystem caches afaik.
So even though it will never be memory friendly compared to a normal Linux system, it might be better than Xen-based QubesOS in that regard.
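Whether a KVM host is actually taking the samepage-merging tradeoff mentioned above is visible in the KSM counters the Linux kernel exposes under /sys/kernel/mm/ksm. The following is an added audit helper (not Spectrum's code) that reads those counters and reports whether cross-VM deduplication is running and how much memory it saves; the sample counter values are constructed.

```python
"""Audit kernel samepage merging (KSM) on a KVM host (added example)."""
from pathlib import Path

# Counter files documented in the kernel's admin-guide/mm/ksm.rst.
# run: 0 = stopped, 1 = merging, 2 = unmerge everything.
# pages_shared: distinct merged pages kept; pages_sharing: how many more
# mappings point at them, i.e. the number of pages saved.
KSM_DIR = Path("/sys/kernel/mm/ksm")
FIELDS = ("run", "pages_shared", "pages_sharing", "pages_unshared", "pages_volatile")

# Constructed sample, as if read from a host with KSM merging across guests.
SAMPLE_STATS = {
    "run": 1,
    "pages_shared": 25000,
    "pages_sharing": 100000,
    "pages_unshared": 300000,
    "pages_volatile": 5000,
}


def read_ksm_stats(ksm_dir: Path = KSM_DIR) -> dict:
    """Read the KSM counters; empty dict if the kernel has no KSM support."""
    stats = {}
    for name in FIELDS:
        path = ksm_dir / name
        if path.is_file():
            stats[name] = int(path.read_text().strip())
    return stats


def summarize_ksm(stats: dict, page_size: int = 4096) -> dict:
    """Summarize the dedup tradeoff: is merging on, and how much memory is saved.

    A positive saving with run == 1 means guest pages with identical content
    are backed by one physical page, which is the tradeoff the thread refers to.
    """
    if not stats:
        return {"available": False}
    shared = stats.get("pages_shared", 0)
    sharing = stats.get("pages_sharing", 0)
    return {
        "available": True,
        "enabled": stats.get("run", 0) == 1,
        "dedup_pages": sharing,
        "saved_mib": sharing * page_size / (1024 * 1024),
        "sharers_per_page": (shared + sharing) / shared if shared else 0.0,
    }


if __name__ == "__main__":
    print("sample host:", summarize_ksm(SAMPLE_STATS))
    print("this host:  ", summarize_ksm(read_ksm_stats()))
```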

@stick Stumbled upon it a little while back and I still get excited anytime I see something about it 😅

@kiri @stick @cypherpunk Interesting! Whit Diffie has a nice historical perspective related to these projects: "cryptography---cryptographic algorithms---look great, but everything from cryptographic implementations to OSes, hypervisors, etc., look dreadful. The pressing computer security issue today is one raised in the 1970's, which we have not really addressed in a widespread way: the confinement problem."

Starting around 45:20.

invidious.snopyta.org/watch?v=

#infosec #cryptography #privacy

@spoon Ooooh, looks interesting! I'll take a look :)

@stick will it be compatible with a broader range of devices than Qubes?
