OpenBSD developer notes king’s clothing is “virtual”

Theo de Raadt explains why virtualization does not improve security. How about this: to improve security, you have to have a secure design; a marketing buzzword won’t do the trick. Anyone who has seriously looked at the current generation of x86 virtualization hardware knows that it does not provide clean separation or levels of security. It is possible, with great care, to use it in a way that improves some types of security, but mostly it seems like a way of justifying the use of SUV monster servers.

If you look at Xen code, for example, you can see that it copies huge chunks of Linux. The argument seems to be that if Linux does not have security and fails to efficiently allocate resources, Linux+ModifiedLinux will do a better job, somehow. There’s no reason to believe this will happen and many reasons to believe that it will, in fact, make security more elusive. That’s not to argue against virtualization as a useful technique either: our RTMS uses a type of virtualization and we have a lot of customers who love VMware, but the hype-ervisor is disconnected from reality. The delusion that making arbitrary divisions in software can reduce complexity is a persistent one, but it has no basis.

Apple’s strategic brilliance

I may be reading too much into it, but Apple looks to have come up with a strategy to pass Microsoft in the next ten years. They are linking their phone, music, and PC businesses together to form an unavoidable platform in a way that has not been done since Microsoft put together the Office suite and Windows. It’s unfortunate that this is all being done on the flawed Mach base, but it probably doesn’t matter. The killer advantages Apple brings are all centered around their ability to run over the middlemen and reach out directly to paying customers. In the cell phone market, where billions have been spent trying to win over operators and the main phone makers, Apple has ignored all the standards bodies and consortia and operator specs and produced something end-customers demand. Same with iTunes and the bitterly complaining music industry. Instead of thinking like a subcontractor, Apple thinks like a market innovator.