
> To be fair, serial ports are actually really important and while we frequently don't have physical serial ports anymore, tons of devices still use serial emulation because it is such a simple technology to understand and the hard parts of the protocols are done in userland rather than drivers.

To be sure! But it's not always necessary.

> When doing unattended Windows installs, a lot of people use floppy drives to store the Autounattend.xml file.

> Most people still use CD-ROM images to install operating systems,

Also both true, but they shouldn't be available unless you need them.




Not always necessary, but I think it's useful, if not important, to have by default in any infrastructure which uses long-term VMs and doesn't just replace "immutable" VMs every time a setting is changed. You always want some path to get data into the VM without networking or VGA, otherwise you have a big problem when something goes wrong with the network and you need to fix things in VMs which you don't want to reboot. This is a corner I'm sure enough sysadmins have found themselves in.

For extra-security-conscious deployments, most hypervisors let you remove most hardware, and qemu gives you enough flexibility to define nearly every device on the VM's motherboard at the command line rather than taking a pre-configured motherboard setup. The default settings in most hypervisors give you lots of unneeded hardware, but this hardware is really convenient for any user who is just trying to get a VM up.

I realize that, from a "secure defaults" perspective, the CD-ROM and unused serial port increase your attack surface, but I also think this trade is worth it in most scenarios, but it's a tough line to draw.
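Added example, not part of the thread or written by any commenter: one way to check which of the devices discussed above (floppy, CD-ROM, serial port) a VM definition still carries, so they can be removed where they are not needed. It assumes the VM is described by a libvirt domain XML; the sample definition and the function name `audit_devices` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample libvirt domain XML (not taken from the thread).
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>example-vm</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/example.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <target dev='sda' bus='sata'/>
    </disk>
    <disk type='file' device='floppy'>
      <source file='/srv/unattend.img'/>
      <target dev='fda' bus='fdc'/>
    </disk>
    <controller type='fdc' index='0'/>
    <serial type='pty'><target port='0'/></serial>
    <interface type='network'><source network='default'/></interface>
  </devices>
</domain>
"""

def audit_devices(domain_xml):
    """Return (kind, detail) findings for floppy, CD-ROM and serial devices."""
    devices = ET.fromstring(domain_xml).find("devices")
    findings = []
    if devices is None:
        return findings
    for disk in devices.findall("disk"):
        kind = disk.get("device", "disk")
        if kind in ("floppy", "cdrom"):
            target = disk.find("target")
            dev = target.get("dev") if target is not None else "?"
            # A drive without <source> is empty, but the emulated device remains.
            media = "media attached" if disk.find("source") is not None else "empty"
            findings.append((kind, f"{dev} ({media})"))
    for ctrl in devices.findall("controller"):
        if ctrl.get("type") == "fdc":
            findings.append(("floppy-controller", f"index {ctrl.get('index', '0')}"))
    for port in devices.findall("serial"):
        findings.append(("serial", f"type {port.get('type', '?')}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit_devices(SAMPLE_DOMAIN):
        print(f"{kind}: {detail}")
```

An empty CD-ROM drive is still reported, because the emulated device is present whether or not media is inserted.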



