From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-4.6 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 Received: by atuin.qyliss.net (Postfix, from userid 496) id E212958144; Tue, 15 Mar 2022 21:11:24 +0000 (UTC) Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id A0A515811F; Tue, 15 Mar 2022 21:10:55 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id 9039A580D2; Tue, 15 Mar 2022 21:10:52 +0000 (UTC) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) by atuin.qyliss.net (Postfix) with ESMTPS id 9EB57580C4 for ; Tue, 15 Mar 2022 21:10:48 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 2AA005C025B; Tue, 15 Mar 2022 17:10:47 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 15 Mar 2022 17:10:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; bh=cfXiXGoGJXy1tWMXum3N7OJ6J4hqCTdzGTftVM Nnimk=; b=avNIPKsv5Mi5zCMJQ4wx2j+oS4rn/i6B8E7p5E+hrghNSOvPK0x5BF X3bKLp+fDtIha+QPwFpEE/5a5mlB7+62WQWP9TqnB9Nmge+VS0kUBS05Hy3Gy51Q 2ZwICQSW3hpjNT88oJ3gJs1OZGa5V6Io8JmYaqu+LUmB/e/QE5wdASxtl0IaqGwk EQp7UUcdJ1j7JsKnFv7x1lbGRG05iGze3sUZVmWcg+W+zQfqWN8Riifg4LhsV3Yu mNjnUowrCUPIGQd9rzTigzRp/abcFrYVFLXMEISXKpu8EhMMZGtHCrCJJqeWEMeH DzDPkFu8CR4gnOi15FedowNOXfJO7ICg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=cfXiXGoGJXy1tWMXu m3N7OJ6J4hqCTdzGTftVMNnimk=; b=kJhqFXnYqnrDCxl4kKElMKAobhcEtLX1I 1K+SGSIIMIHxjbR1E1TmFyndWnxCN/qXsnfPmL7dht/mJy/FPH+nsRUKG8kPW9hL oF1eU1TalfCt07VJPAaFGJMDZ0NRp/bfsEEpvDwUVz1Na8fPR21RMPVX0H65YRtP IdqBAEQy9iizfSNRXrMM3UnCiNKLxHv8Rfw+o47s4GyMD7boVWC8NYcRJrBdwWOp gR/CS7BQTfVVs1Chuf8AAs5/3iX+MeonQjit1gs+04hgDHelkVIttaB5Vi3REFBk ld85i+VI2e8+RKVJn5A25ZZzEf61C4Vg9rQf8diDIoKoiz86xujzA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudeftddgudeghecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd erredttdejnecuhfhrohhmpeetlhihshhsrgcutfhoshhsuceohhhisegrlhihshhsrgdr ihhsqeenucggtffrrghtthgvrhhnpeetheekhedtueelhfekvdejfeejgefgueetfefgtd ehgeefudefkeeviefhveefudenucffohhmrghinhepghhithhhuhgsrdgtohhmpdhophgv nhiffegsrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh hfrhhomhepqhihlhhishhssegvvhgvrdhqhihlihhsshdrnhgvth X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 15 Mar 2022 17:10:46 -0400 (EDT) Received: by eve.qyliss.net (Postfix, from userid 1000) id A8A548198; Tue, 15 Mar 2022 21:10:44 +0000 (UTC) Date: Tue, 15 Mar 2022 21:10:44 +0000 From: Alyssa Ross To: Geblaat Subject: Re: PlagueOS Message-ID: <20220315211044.owok7z2esxk7weyv@eve> References: <164737130657.1627.12904004323655713683@atuin.qyliss.net> <725dae3fb6c253624b5aea184923c5f1@riseup.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2rrfmjmidscudlda" Content-Disposition: inline In-Reply-To: <725dae3fb6c253624b5aea184923c5f1@riseup.net> Message-ID-Hash: QGRK5SB3BGKLN3WAEXBBRNI4YOZ5KFVQ X-Message-ID-Hash: QGRK5SB3BGKLN3WAEXBBRNI4YOZ5KFVQ X-MailFrom: qyliss@eve.qyliss.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-discuss.spectrum-os.org-0; header-match-discuss.spectrum-os.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: discuss@spectrum-os.org X-Mailman-Version: 3.3.5 Precedence: list List-Id: General high-level discussion about Spectrum Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --2rrfmjmidscudlda Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 15, 2022 at 12:23:13PM -0700, Geblaat wrote: > On the mailing list, I saw an article about FlexOS, which has some > similar goals, though it seems to be in very early stages. I thought > PlagueOS might be of interest to people here as well. Like Spectrum, it > has better hardware compatibility and performance compared to Qubes OS. > They use Void OS as hypervisor(looks like standard KVM compared to a > more secure Rust alternative) and a lot of hardening. It already has an > ISO image available and a graphical desktop environment, so it can > already be used by people with not much technical skills. That's very interesting, thank you for sharing. I took a look at their documentation. I also had a quick go at running it in a VM but couldn't get it to boot. It looks like it's a hardened Linux distro, with some out of the box support for running applications in virt-manager VMs. I'm very curious about how those VMs are integrated with the system, and whether there's any tooling for making it easier to create/manage VMs on top of the standard virt-manager stuff =E2=80=94 it was difficult for me to tell just going by the informati= on on their GitLab site. I've seen a few other projects now that bundle virt-manager or crosvm and try to make it a bit easier to use, at varying stages of development[1][2]. The main difference between these projects and Spectrum is that Spectrum is aiming for a higher level of integration than just using the standard virtualization programs can provide. I want it to be difficult to tell that the application you're using is even running in a VM. I want it not to be necessary to configure and manage VMs just to run applications. But that's not something that existing Linux virtualization stuff is quite up to (Qubes is closer than anything else), so I'm working on that virtualization technology to try to push it forward to that end. In my mind, that's what separates Spectrum from lots of the other efforts I've seen. (If any of those projects *are* doing development work on virtualization software that I've missed, I'd be very happy to be corrected and to learn about it!) [1]: https://github.com/jollheef/appvm [2]: https://blog.openw3b.org/crosvm-for-os-and-app-virtualization-on-linux/ P.S. Looks like the reason PlagueOS wouldn't boot is that its initramfs is looking for /dev/disk/by-label/PLAGUE_LIVE, but the actual path is /dev/disk/by-label/plague_live (lowercase). --2rrfmjmidscudlda Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmIxANIACgkQ+dvtSFmy ccAs/g//V2U3kRdaV20WbJc1EZwog63LHbkqZDSvOd1fSiG4jbBD4s08QnJoXQ8t tqyhqMkeEAIwlhT3LWAFtXSoNU6waXrEoXjZtEWAwJn8sw73wPVsCgplUZth9VqI 8qwa0evr1aTGi4HSHtql712BlquVwmZXwQTSIHh0pCmB9M7xL0crveOfk7uPPuJk yBHi4ByoZRIajzaCWWznqmBILmoVBTyd/vFE2JtacVmO4epW+hRcDGpSWUmZ4jyx ehHoZftmqu9XpLm17Z3fI6ineq1YWAALGGcEl4DHrdMmYdZY7qTdUTaX8tLKjcNg gzV6SEha7Uj6P7oQuSBz6+noyI5aW84TIFoo3nR9bjXWi0yT+E8yTIlXDDWEztGE jRB4B+Zw+liP18tU03zC85LFxyyytoXy4k6py99Ve7WdODW9zSwyOt9gs7NISaaW lmhzZUjZXc3SiCfAsLr8IyogFK2pLBvU/ItALgEtVGAiHLCfyIkA5LLu2ETaF8CH Na/Pj96APZk5U9A8fqOv5kko9AanmSzbEpF1IbCfQCTnfP/Jnbo1EArSyP2w5RJZ guFhnneFU70jdlPZvivPFTraZ2ZZ7DYdWqdzJlDAEvB7eoP5fwo/+WkdIifVyJCT DAH+ID4MrMiuqXsvY7ZtHQLeGcS7Ho+GYsyBnYn05yAcB3jJNqo= =PmyM -----END PGP SIGNATURE----- --2rrfmjmidscudlda--