Hacker News

I don't really understand how that could possibly work. If you install tools on private machines then they never talk to each other.



Of course they can: Via network interfaces (which can be firewalled). Via shared directories on shared filesystems. Etc. With e.g. LXC the extent of isolation can be controlled at a very detailed level. In practice, though, very little stuff needs more than a network connection to interact with each other, and very few applications actually have any business interacting with the other applications I run other than in very specific circumstances.

This is not to say that I run everything isolated from everything else. I have an "unsafe" VM for example where I compile and mess around with a lot of public code I don't want to evaluate the security of. To get further into my network from that one still takes a little bit of work. I also group together various things based on tasks.

But random code I don't have a reason to trust won't go straight into my normal user account on my laptop.

Note that a "reason to trust" can be as simple as "has been signed by the Debian packagers" for some systems. It's a trade-off.
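As an added illustration of the setup the reply describes (an "unsafe" container whose only way out is one firewalled network interface, with nothing from the host's home directory shared into it), here is a small POSIX shell script that writes an unprivileged LXC container config and an nftables forward ruleset, then lints the config for the settings that would undo the isolation. This is example code written for this page, not anything posted in the thread. It assumes LXC 3+ config key names, LXC's default `lxcbr0` bridge (with lxc-net's own masquerading already in place), and that the LAN lives in RFC 1918 space; the file paths and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: an "unsafe" LXC container that can reach the internet but
# not the LAN or the host's files, plus a lint for the settings that matter.
# Assumptions (not from the thread): LXC >= 3 key names, bridge lxcbr0 with
# lxc-net doing NAT, LAN addresses inside 10/8, 172.16/12 or 192.168/16.

# Unprivileged container config: root inside maps to host uid/gid 100000,
# a single veth on lxcbr0 is the only interface, no host directories shared.
write_unsafe_container_config() {
  cat > "$1" <<'EOF'
# container uid 0..65535 -> host uid 100000..165535 (unprivileged)
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
# one veth on the LXC bridge; this is the only path out of the container
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
# generated AppArmor profile and dropped capabilities limit what root can do
lxc.apparmor.profile = generated
lxc.cap.drop = sys_admin sys_module sys_rawio sys_time mac_admin mac_override
# deliberately no lxc.mount.entry lines: nothing from the host's home is visible
EOF
}

# Forward ruleset for the host: container traffic may go out to the internet,
# but not to RFC 1918 space (the LAN) and nothing may reach in unsolicited.
write_forward_rules() {
  cat > "$1" <<'EOF'
table inet lxc_sandbox {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # container -> LAN is dropped; container -> everything else is allowed
    iifname "lxcbr0" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } drop
    iifname "lxcbr0" accept
  }
}
EOF
}

# Lint: refuse a config that would let code in the sandbox reach back into
# the host account or the host network namespace.
check_container_config() {
  cfg="$1"
  # a missing uid map means a privileged container: root inside is root outside
  grep -q '^lxc.idmap = u 0 ' "$cfg" || { echo "privileged container (no uid map)"; return 1; }
  # bind-mounting /home or /root hands the host's files to the untrusted code
  if grep -Eq '^lxc.mount.entry = (/home|/root)' "$cfg"; then
    echo "home directory bind-mounted into container"; return 1
  fi
  # type "none" shares the host's network namespace, bypassing the bridge rules
  if grep -q '^lxc.net.0.type = none' "$cfg"; then
    echo "container shares host network namespace"; return 1
  fi
  return 0
}

# Usage: sh sandbox.sh /var/lib/lxc/unsafe/config /etc/nftables.d/lxc_sandbox.nft
if [ $# -eq 2 ]; then
  write_unsafe_container_config "$1"
  write_forward_rules "$2"
  check_container_config "$1" && echo "sandbox config written and checked"
fi
```

The lint only catches the three mistakes that most directly reopen the path from the container to the normal user account; it says nothing about kernel attack surface, which is why the reply keeps a separate VM for the code it trusts least.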



