So... Is this actually supposed to do something? In-kernel virtual machines I heard, I mean that sounds kinda interesting, creepy as all hell and largely defeating the point of VMs in the first place, but interesting nonetheless..
I just don't see why we would want something like that in the mainline linux kernel, I don't see why this stuff shouldn't be out-of-tree or in a different kernel line targeted at whatever people actually want to use this feature.
This is clearly not a core feature that belongs in every linux kernel, reeks of pointless bloat to me.
All this work to make the kernel bigger when we should be working to make it smaller.
Microsoft & Others Form The eBPF Foundation
-
Originally posted by onlyLinuxLuvUBack:
Can you imagine sitting at the linux "Foundation" meeting:
Microsoft: Ok guys you know if they run linux we can't control them,
we can't bend them over and mine their data.
Crowd(Google etc): No... no... why ?
Microsoft: Silence. I have a plan, we all joined this foundation
so we could corrupt linux and be able to control it, no ?
If the linux "Foundation" changes linux then who would stop us ?
CCP: Son, we have our own list of patches that you must apply and
if you don't apply them then no business in our country for you.
Right?
- Likes 5
-
Is eBPF a really good idea in long term cases? Many very experienced people disagree.
Those very big corps have lots of resources that make it possible for them to have LOTS of security layers, many of them extremely secret and NEVER will be published or known outside their extremely paranoid environments. Despite that, they have LOTS of security leaks (is Google less prone than the rest?).
It may make certain stuff faster, such as load balancing and even replace iptables. What's the real cost of it?
Buzzwords aren't enough...
-
Can you imagine sitting at the linux "Foundation" meeting:
Microsoft: Ok guys you know if they run linux we can't control them,
we can't bend them over and mine their data.
Crowd(Google etc): No... no... why ?
Microsoft: Silence. I have a plan, we all joined this foundation
so we could corrupt linux and be able to control it, no ?
If the linux "Foundation" changes linux then who would stop us ?
CCP: Son, we have our own list of patches that you must apply and
if you don't apply them then no business in our country for you.
- Likes 4
-
Originally posted by mdedetrich:
Enqueue the Microsoft hatred
- Likes 4
-
Originally posted by andyprough:
Ten years from now when security researchers find all the security holes, there are going to be some painful mitigations for dealing with this.
Thread https://mobile.twitter.com/andreyknv...97975979102217 : "The cool part about eBPF-based rootkits is portability.
A kernel module–based rootkit needs to be rebuilt when a new kernel is deployed."
Fortunately, Debian has recently started disabling unprivileged BPF by default on the sid kernels.
- Likes 4
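Unprivileged BPF, as mentioned in the post above, is controlled by the kernel.unprivileged_bpf_disabled sysctl. The following is an added example, not part of the thread: a defender's check that classifies the runtime value and compares it with what sysctl.d-style configuration would set. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Values of kernel.unprivileged_bpf_disabled (kernel sysctl docs):
#   0 = unprivileged bpf() allowed, 1 = disabled and locked until reboot,
#   2 = disabled, but root can switch it back to 0.
KEY=kernel.unprivileged_bpf_disabled

# Constructed sample of concatenated sysctl.d fragments (not from a real host).
SAMPLE_CONF='# hardening baseline
kernel.unprivileged_bpf_disabled = 0
; a later fragment overrides the earlier one
-kernel.unprivileged_bpf_disabled=1
'

classify_unpriv_bpf() {            # VALUE -> status word
    case "$1" in
        0) echo enabled ;;
        1) echo disabled-locked ;;
        2) echo disabled-changeable ;;
        *) echo unknown ;;
    esac
}

effective_sysctl() {               # KEY, config on stdin -> last value assigned
    awk -v key="$1" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0; sub(/^[ \t]*-?/, "", line) # "-" prefix: ignore errors
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                 # later lines win
        }
        END { if (val != "") print val }'
}

audit_unpriv_bpf() {               # RUNTIME_VALUE PERSISTED_VALUE -> finding
    run=$(classify_unpriv_bpf "$1"); cfg=$(classify_unpriv_bpf "$2")
    case "$run:$cfg" in
        enabled:*)   echo "FAIL: unprivileged bpf() is allowed at runtime" ;;
        unknown:*)   echo "UNKNOWN: runtime value not readable" ;;
        *:disabled*) echo "OK: runtime=$run, persisted=$cfg" ;;
        *)           echo "WARN: runtime=$run, persisted config is '$cfg'" ;;
    esac
}

# Runtime value from this host (if readable) against the constructed sample.
runtime=""
f=/proc/sys/kernel/unprivileged_bpf_disabled
if [ -r "$f" ]; then runtime=$(cat "$f"); fi
persisted=$(printf '%s' "$SAMPLE_CONF" | effective_sysctl "$KEY")
audit_unpriv_bpf "$runtime" "$persisted"
```

A WARN result means the running kernel has unprivileged BPF disabled but the parsed configuration does not set it, so the state depends on the kernel's built-in default.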
-
Originally posted by etam:
The more I hear about features implemented in Linux kernel, the more I think about Hurd. I mean, a lot of those things implemented in kernel, sound like some userspace thing.
Last edited by GruenSein; 13 August 2021, 03:35 AM.
- Likes 2
-
Ten years from now when security researchers find all the security holes, there are going to be some painful mitigations for dealing with this.
- Likes 5
-
The more I hear about features implemented in Linux kernel, the more I think about Hurd. I mean, a lot of those things implemented in kernel, sound like some userspace thing.
- Likes 2
-
eBPF changes the way operating systems and infrastructure services are designed. It bridges the boundary between kernel and user space. It encourages and accelerates innovation and is a significant leap forward in open source technology for networking, security, application profiling/tracing and system observability use cases. eBPF enables users to even combine and apply logic across multiple subsystems which were traditionally completely independent.
I'm not saying this isn't cool or doesn't have potential.
- Likes 11