Interesting OS security project: https://spectrum-os.org
* each app runs in a separate KVM container
* each VM is generated by a #Nix derivation
* graphics output is composited together via wayland/virtio
The idea is not too dissimilar to #QubesOS
, with the following main differences:
* Xen -> KVM
* Fedora/Debian -> #NixOS
* Xorg -> wayland/virtio
You can read more about the details here: https://spectrum-os.org/design.html
@f2k1de spectrum is still a bit of a work-in-progress, and i think the recent focus has been more towards getting core functionality working, so i don't know how much attention if any has been paid to the resource consumption of the system.
@stick Stumbled upon it a little while back and I still get excited anytime I see something about it 😅
@kiri @stick @cypherpunk Interesting! Whit Diffie has a nice historical perspective related to these projects: "cryptography---cryptographic algorithms---look great, but everything from cryptographic implementations to OSes, hypervisors, etc., look dreadful. The pressing computer security issue today is one raised in the 1970's, which we have not really addressed in a widespread way: the confinement problem."
Starting around 45:20.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!