[Freedombox-discuss] Policy questions
Rob van der Hoeven
robvanderhoeven at ziggo.nl
Sun May 8 08:10:44 UTC 2011
On Sun, 2011-05-08 at 06:52 +0800, Sandy Harris wrote:
> Rob van der Hoeven <robvanderhoeven at ziggo.nl> wrote:
>
> >> A standard tactic for security is isolation of services.
> >> ...
> >>
> >> Clearly we cannot expect to use a separate machine
> >> for each FB service, but we need some strategy that
> >> limits the damage if any one service turns out to have
> >> a security flaw. Some list posts suggest using virtual
> >> machines, and that is one plausible solution, though
> >> costly.
> >
> > Hi Sandy,
> >
> > I am the one that suggested virtual machines, and I am using them at
> > this moment. ...
> >
> > In my opinion building a FreedomBox without using VM technology is very
> > dangerous.
>
> To me, the question seems more complex and still open. It is
> clear that we need strong security, and therefore a carefully
> designed strategy for isolation. It is not clear to me that VM
> techniques are the way to go.
>
> There are plenty of other candidates. The OS provides
> mechanisms intended to do what we need, process
> isolation, chroot, file permissions and so on. There are
> extensions like SE-Linux and GRsecurity that give
> more.
>
You are right. A competent sysadmin can build a secure system without
using virtualization. I don't think that an average FreedomBox user can
manage the more advanced security features that you mention. So, must
they become dependent on FreedomBox security experts every time they
want to install a new service that connects to the internet? That's no
freedom to me. In my design I use VMs as sandboxes. Users are free to
install whatever they want inside a VM.
> There may also be problems with the VM method.
> Random numbers are one. More-or-less all crypto
> depends on those. random(4) depends on the
> driver having access to things like mouse clicks
> and disk interrupts. I doubt that it will work well
> on a headless server with solid state disk, let
> alone in a VM.
>
> This is just one problem that seems obvious.
> Has anyone done a security audit on one of
> the VM methods? Without that, should it be
> trusted?
Maybe the cloud companies have done some research on that? You have a
valid question here. I'm very interested in how secure the virtualization I
use (LXC) is.
>
> > Not all the software running on the FreedomBox will be mature
> > and I expect a lot of security/stability issues.
>
> I tend to think only mature software should be used.
> There are other places for development and experiments.
> The box needs to be very solid.
One of the goals of the FreedomBox is to decentralize popular social
networking services. The software to do so is still in development or
does not exist. In order to develop the software FreedomBoxes are
needed. Are you going to wait until Diaspora is mature in order to let
it run on the FreedomBox?
Rob van der Hoeven.
http://freedomboxblog.nl
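The entropy concern raised in the thread (random(4) on a headless box with a solid-state disk, or inside a VM or container, having few interrupt sources to feed it) can be checked rather than guessed at. The script below is an added example for this discussion, not code from either poster or from the FreedomBox project. It assumes a Linux /proc and /sys layout: it reads the kernel's entropy pool estimate, reports which hardware RNG driver (if any, e.g. one passed through from the host) is active, and flags a low reading. The LOW_WATERMARK threshold is a constructed value for illustration, not a kernel constant.

```shell
#!/bin/sh
# Added example: quick audit of the entropy situation on a headless
# server, VM or container. Assumes Linux /proc and /sys paths.

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail
HWRNG_CURRENT=/sys/class/misc/hw_random/rng_current
HWRNG_AVAILABLE=/sys/class/misc/hw_random/rng_available
LOW_WATERMARK=256   # constructed threshold for this example, not a kernel value

# classify_entropy VALUE -> prints "low", "ok", or "unknown" for a pool reading
classify_entropy() {
    case "$1" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$1" -lt "$LOW_WATERMARK" ]; then
        echo "low"
    else
        echo "ok"
    fi
}

# read_entropy -> prints the kernel's current pool estimate, or "unavailable"
# when the file cannot be read (non-Linux host, restricted /proc)
read_entropy() {
    if [ -r "$ENTROPY_FILE" ]; then
        cat "$ENTROPY_FILE"
    else
        echo "unavailable"
    fi
}

# hwrng_status -> prints the active hardware RNG driver name, "none" when the
# interface exists but no driver is selected, or "unavailable" when the
# hw_random interface is absent altogether
hwrng_status() {
    if [ -r "$HWRNG_CURRENT" ]; then
        cur=$(cat "$HWRNG_CURRENT")
        if [ -n "$cur" ]; then echo "$cur"; else echo "none"; fi
    else
        echo "unavailable"
    fi
}

# report -> human-readable summary of the three checks above
report() {
    e=$(read_entropy)
    printf 'entropy_avail: %s (%s)\n' "$e" "$(classify_entropy "$e")"
    printf 'hw_random driver in use: %s\n' "$(hwrng_status)"
    if [ -r "$HWRNG_AVAILABLE" ]; then
        printf 'hw_random drivers available: %s\n' "$(cat "$HWRNG_AVAILABLE")"
    fi
}

# Run the report when executed directly.
[ "${RUN_REPORT:-1}" = "1" ] && report
```

A "low" classification on a box that has been up for a while, combined with "none" or "unavailable" for the hardware RNG, is the situation the thread worries about; on a VM the usual remedy is for the host to expose a virtual RNG device to the guest and for the guest to run a daemon that feeds it into the kernel pool.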