16
Haxk20
28d

I cannot understand why people still think using VMs will help you be "safer".
Sure it's better than nothing but it's not that safe.
There have been and are many exploits around VMs and there will be more.

Seriously tho. There are bugs in VMs. Some use the RAM to escalate from VM. Some CPU. Some IDK what.
It's not safe.
What's safe?
Nothing.
Even PC with no internet isn't safe.
Heck I could see the power draw of your home and tell you what you were doing. (PC draws more current depending on what it's doing. After some time and lot of data you can figure out user process.)
Heck even your BIOS isn't safe. (Not talking about open source alternatives. Those are much safer)

Comments
  • 8
    Hm. Remember this XKCD comic?

    https://xkcd.com/538/

    Pretty sure that sums it up.

    :)
  • 1
    @IntrusionCM This wasn't even rant. More of a joke. Fuck I forgot to mark it as one. Fuck. Forgive me devRant for I have sinned.

    LUL

    Anyways. Yeah.
  • 2
    @Haxk20 Rant and you'll be forgiven....

    Even if meant as a joke, I understand your position.

    The trend to security by obscurity has become obscene....
  • 2
    It’s safer for your pocket when you’re a hosting provider. Everything slows down so you can charge twice as much for same disk space.
  • 2
    @vane @Haxk20 VMs were never meant to help you be safe.
    The idea is to allow you to use your hardware in such a way as to allow 50 simulated computers to run on 2 quad core CPUs with 64 GB of RAM. And back them up. And bring up new server machines as required. And if a VM dies bc the IT guy killed it - just bring up another. No cables, no traveling to remote offices to fix their shitty workstations.

    The idea of a VM is originally for the enterprise - not for day-to-day use by the idiot computer user.

    Docker however.....
  • 1
    @magicMirror exactly when you charge 50 times using one machine it’s more safe for your pocket.

    50 clients if you sell each of them two cores charge 10 bucks and host at home you have 500 bucks and they have cloud vm infrastructure.

    Sounds like a great business plan.
  • 4
    But VMs are currently the safest known method for executing untrusted code. And until computers will be so cheap, powerful, silent and power efficient that everyone will have their own home NAS and all software will run on every OS, there will be demand for running untrusted code.
  • 2
    I cannot understand why people still think washing your hands will help you be "safe."

    Sure, it's better than nothing but it's not safe.

    There have been and are many illnesses around people and will be more.

    /i get it, it's a joke ;)
  • 0
    You can't do power analysis on a home PC, the PSU has a ton of filtering. The only thing you will be able to get is average power consumption over a few seconds, so you will only be able to guess if he is running heavy loads or not. You can't get any meaningful data from it.
  • 0
    Makes me think about a theoretical vulnerability in string compares.

    Assuming you have an end point which compares 2 password hashes. Let’s say SHA512 to simplify.

    In most languages, string.Compare will compare character by character until first mismatch.
    So if the mismatch is at 1st character or the last, the time is different.

    So, in theory, it is possible to “guess” the hash little by little, based on how much time comparison is running.

    Now I don’t see it being used in practice, especially over HTTP: too many factors in play.
    I think someone even did a “secureCompare” method, which will always go to the end of the strings.

    So yeah, good luck with my home power draw.
    You won’t be able to tell if my PC is even running from a fridge which is not running constantly.
  • 0
    @NoToJavaScript It was a fucking joke, Jesus, read comments.
  • 0
    @NoToJavaScript Most STLs have a secure compare, or similar functionality in password compare whose primary feature is that it determines the hash function by reading it from the beginning of the hash.
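
The early-exit comparison and the "always go to the end" comparison discussed in the comments above, as an added example that is not part of the original thread. It counts bytes examined as a deterministic stand-in for elapsed time; the function names and the sample digest are constructed for illustration, while `hmac.compare_digest` is Python's standard-library constant-time comparison.

```python
import hashlib
import hmac


def early_exit_compare(a: bytes, b: bytes) -> tuple:
    """Stops at the first mismatch. Returns (equal, bytes examined)."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def full_scan_compare(a: bytes, b: bytes) -> tuple:
    """ORs all differences together, so every byte is always examined."""
    diff = len(a) ^ len(b)
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def work_profile(stored: bytes, compare) -> list:
    """Bytes examined when the candidate first differs at index 0, 16, 32, 63."""
    profile = []
    for i in (0, 16, 32, 63):
        candidate = bytearray(stored)
        candidate[i] ^= 0xFF  # flip one byte so the first mismatch is at i
        profile.append(compare(stored, bytes(candidate))[1])
    return profile


def safe_equal(a: bytes, b: bytes) -> bool:
    """What production code should call instead of a hand-written loop."""
    return hmac.compare_digest(a, b)


# Constructed sample: SHA-512 digest (64 bytes) of a made-up password.
STORED = hashlib.sha512(b"constructed-sample-password").digest()

if __name__ == "__main__":
    print("early exit:", work_profile(STORED, early_exit_compare))
    print("full scan: ", work_profile(STORED, full_scan_compare))
    print("compare_digest on equal digests:", safe_equal(STORED, STORED))
```

The early-exit work grows with the length of the matching prefix, which is the data-dependent signal the comment describes; the full scan does the same work wherever the mismatch is.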