Unfashionably secure: why we use isolated VMs
Would you rather observe an eclipse through a pair of new Ray-Bans, or a used Shade 12 welding helmet? Undoubtedly the Aviators are more fashionable, but the permanent retinal damage sucks. Fetch the trusty welding helmet.
Likewise, AWS IoT is a non-starter for managing our devices; we operate in networks where outbound MQTT and HTTPS are simply not allowed (which is why we rely on encrypted DNS traffic for device-to-Console communication). We need to think both in terms of configuration at scale (managing thousands of instances) and very local issues (a recent example is Ubuntu changing the behaviour of /tmp permissions, necessitating customisations to /etc/sysctl.conf). I’ve not even touched on the impact on product design that isolated VMs bring, but suffice it to say it’s deeply built into Canary; when we ship devices (hardware or otherwise), they need a path to discover their Console, which is a whole separate topic.