On 25 March 2013 13:23, Waldek Hebisch <[email protected]> wrote:
>>
>> Using VirtualBox (and most other VM host packages) makes it relatively
>> easy and cheap to keep regular snapshots.  These days I usually use
>> XEN on SuSE Linux with BTRFS for VM storage. BTRFS has some nice
>> snapshot features.
>
> I am not sure about the "cheap" part.  VirtualBox clearly states that
> making snapshots is fast, but they slow down normal machine
> operation.  Also, by their nature snapshots contain irrelevant
> stuff, which means bigger volume.  Also, IIUC VirtualBox snapshots
> are stored bundled with the hard disk image, which makes them of
> limited use for backups.  Maybe you meant "export" from
> VirtualBox?
>

I meant the incremental (marginal) cost of keeping old versions of the VM image.

>
> I am afraid that currently the effort to get root inside the VM is trivial.
> So, the only thing which prevents such a break-in is obscurity.  Obscurity
> means that the VM is unlikely to get rooted by a bot, but if we ever
> get the attention of a wannabe human black hat, then the system inside the VM
> would give up.  I would like to make this a bit harder and I think
> that this is possible with reasonable effort.
>

I agree. It is probably a good idea not to expose any ports on the VM
to the Internet.  It only needs to be accessible to a virtual network
or a strictly local LAN segment. That is why I prefer the use of a proxy
in Apache running natively on the host. It is easier and one has
additional motivations for wanting to protect the host itself.  In
comparison the security of the VM seems mostly trivial to me.  But
perhaps I do not understand exactly what you mean by getting root
inside VM.  If the VM has no exposed ports it is difficult to see how
this could be accomplished through the Apache proxy.

Regards,
Bill Page.
