The issue with VirtualBox #20

Open
AliceMarch opened this issue Oct 28, 2021 · 1 comment
Comments

AliceMarch commented Oct 28, 2021

Hi,

I have been following this project for some time now. I notice some concerns about the usage of VirtualBox. The Whonix developers have given some good reasons against the usage of VirtualBox. I understand you guys are in the process of porting the project to Python, a new programming language, which is a huge undertaking. Since HiddenVM already uses bash, why not switch out VirtualBox for KVM (virt-manager) while you guys are working on the new Python release? This would address the main concern regarding the issue.

I noticed this project from a Reddit post which said that this project brings the HiddenOS feature of VeraCrypt to life, which is good news for vulnerable people like the Chinese OP who brought up this issue. That being said, please don't take this as a criticism of your project. I am only one of the many people concerned about this issue.

Thank you for your time.

Owner

aforensics commented Dec 8, 2021

I wish I had the time, but I just don't, currently. Other work is taking up almost all of my resources. I'm a daily HiddenVM user, as are many others, so the project is not dead, it's just not significantly changed for the time being. All security updates are basically automatic and any unlikely vulnerabilities in the actual (simple) HVM code would be fixed promptly. This project has a future, or one that can offer something even better does. The idea is just too good.

We're sorry that the KVM dream inside Tails hasn't been provided by us, after all this time.

Also our Python (and more pretty GUI) port doesn't offer that much benefit to the user over HVM1 (e.g. it doesn't really speed up the launch process), and is also similarly a lot of work. I'm overwhelmed from other work. I can barely manage this thing right now, and I think in future I'll be able to get some development help.

I will reflect on this: Recently, my personal regard for VirtualBox has lifted, slightly. Some recent small impactful UX improvements for the VM experience were delivered which gives comfort that it's something reliable. Its features are so well-rounded (I keep discovering more as I use it over time, in the GUI and also CLI). And if your hardware can have 3D acceleration working inside Tails, then VBox can also offer it, so it's not too bad performance-wise.

This means to offer a similar level of GUI-level features access for tuning and setting up VMs with KVM is a SIGNIFICANT amount of work. To use GNOME Boxes and virt-manager in conjunction is already a clunky UX downgrade from sole VirtualBox.

Nonetheless, I agree a KVM option should be offered and recommended as a superior security option, like the Whonix project does. I'm moderately concerned for the safety of using the corporately controlled VirtualBox open-source project (with third-party individual contributors openly accepted), but not severely. There are ways to lock down what VirtualBox and other Tails-level applications (such as the VirtualBox installed by HiddenVM) could do, even in the face of an exploit or a deliberately non-fixed vulnerability on the part of Oracle, which is what I do. OpenSnitch, Firejail, and other tools.

For high security users craving KVM in Tails, it's possible they could try developing their own scripts if they spend a huge deal of time on it, share the results here or elsewhere and perhaps an offshoot project could start. Various functions in our code certainly show ways to automate VMs in general.

Until then, we can only offer what we're offering right now. I can hardly look at the code at all right now. :(
