From mboxrd@z Thu Jan 1 00:00:00 1970 From: steffen@sdaoden.eu (Steffen Nurpmeso) Date: Sat, 18 Mar 2017 16:43:57 +0100 Subject: [TUHS] X, Suntools, and the like In-Reply-To: References: <4227EA32-12C2-46D1-B683-88812D1E5168@tfeb.org> <3B3776C9-1B22-4143-A4F5-0BEA13C79505@tfeb.org> <20170315164006.GC26286@wopr> <20170316230455.GA21805@naleco.com> <20170317001331.GO5720@mcvoy.com> <20170317123935.Zj3Be%steffen@sdaoden.eu> Message-ID: <20170318154357.otN-Y%steffen@sdaoden.eu> Tony Finch wrote: |Steffen Nurpmeso wrote: |> And it makes it possible to run browsers in a separate KVM into |> which you log in with X11 forwarding enabled, for very insecure |> things, and if your machine is strong enough. | |Nice! If you want a less-DIY more-packaged version of this idea, have a Indeed there was also a nice thing on VDE2 which i searched but could not find, so i posted the second best i remembered.. ^.^ |look at https://www.qubes-os.org/intro/ This sent me on an interesting journey, reiterating all the Xen / KVM / etc. things, and which lead me to Librem, and i think i will participate in one of the next batches of a Librem 13 -- i still haven't replaced my main machine that died more than one and half a year ago. I wanted to go Zenbook for quite some time (ever since), but this indeed looks very nice, too. Yes, the Xen hypervisor approach is more like the supercomputer compartments that some of the members of this list know about. But, you know, if possible i really want to avoid such a huge installation as a base system, i would prefer a small NanoBSD, or a minimal-installation Linux (because i am a loser and prefer a very good performing base system with binary security update support), say, nothing more than the kernel, iptables, iproute2, VDE2, qemu (minimal), openssl and openssh. And it needs X. And i have found out that AlpineLinux offers a Xen Dom0 installation image: likely that it ships with Python preinstalled, and Python and me is no-no-no. (If at all avoidable, that is.) KVM/Qemu you can drive with a few shell scripts. You know, i am so undecided. If someone would come around with a modern mobile phone with a quad-processor and say 8GB RAM (free) and a "Lapdock-station" that has a good keyboard and monitor, and the possibility to boot a "normal" operating system "directly via KVM/xy" (when plugging in), then i really would be satisfied. I/O performance is what counts for me -- and here SSD and a virtual machine with dedicated partition is much better than anything i ever had before! --, CPU power i miss only when compiling, but having four or even eight truly parallel threads would surely make this acceptable -- i am used to two-core 1.4 GHz Core 2... Yet of course noone will mix the markets of phones and laptops. And what do you mean by DIY? Isn't it a pretty common abstraction to have several users with different privileges? It must be doable, of course -- if i recall correctly, switching users on a Mac freezes anything of the current user, for example, and the graphical firewall tool either allows ssh or not, so that the scenario shown wouldn't even work (when using the Mac-GUI-provided ways of doing things). --steffen