
Better slow than sorry – VirtualBox 3D acceleration considered harmful - octosphere
https://phoenhex.re/2018-07-27/better-slow-than-sorry
======
chomp
*VirtualBox considered harmful

Oracle recently started hunting our company for licenses due to the fact that
the VB guest additions software phones home. Fail on us for not considering
the license on the guest additions outside of the VirtualBox software.

Bye bye Vagrant! Time for a new workflow!

~~~
indemnity
Every now and then I think my company is paranoid for having a blanket policy
of never using a single thing from Oracle (even to the extent of rejecting
anything using BerkeleyDB, and only using OpenJDK) then I see things like this
and it makes sense.

I wonder when Oracle poisoned this well (Fortune 100).

~~~
nickpsecurity
I've been recommending that same thing for a while. Microsoft, too, if you can
get away with it. It's why I won't build stuff on .NET and Java. They were
already big on patent suits, BS licensing, and Business Software Alliance
looking for snitches. Then, Oracle went for API's are under copyright ruling.
Then, I _definitely_ wasn't gonna touch Oracle software.

------
brink
Personally, I consider it beneficial, as I'd want my games and software (that
hasn't been ported to my OS of choice, but I still trust) to run as fast as
possible. Not fully sandboxed != "harmful" to everyone.

Maybe "VirtualBox 3D acceleration not fully sandboxed" would be a more
accurate, less sensationalist title?

------
pytyper2
3D acceleration has its own issues aside from the security concerns.
https://askubuntu.com/questions/1035410/ubuntu-18-04-gnome-hangs-on-virtualbox-with-3d-acceleration-enabled

~~~
komali2
Oh woops, I accidentally duplicated that question without realizing it a few
weeks ago:
https://unix.stackexchange.com/questions/458034/fullscreen-mode-in-apps-causes-gnome-shell-to-hit-80-100-cpu-even-after-closin

Took me ages to figure out it was virtual box that was the issue, not gnome or
vscode. A shame, I liked my VM in Windows set up. Now I had to suffer through
installing Ubuntu natively on a gen3 Thinkpad x1 yoga which has been a new
class of nightmare thanks to Lenovo nuking critical sleep functionality:
https://forums.lenovo.com/t5/Linux-Discussion/X1-Carbon-Gen-6-cannot-enter-deep-sleep-S3-state-aka-Suspend-to/td-p/3998182/page/19

Getting my tools _just like I like them_ always has such an exhausting spin-up
time.

~~~
X6S1x6Okd1st
I've been pleasantly surprised with how well Linux subshell for Windows has
been working

~~~
pytyper2
This will work but then you have to find a system to test on, I like to have
my dev vm as close to production as possible.

------
tombert
I ask this in sincerity; in Linux land, what is a good alternative to
VirtualBox? Are there any that can do proper 3D acceleration to play games at
a reasonable speed?

~~~
robeastham
On Linux you could try QEMU/KVM with GPU passthrough - install virt-manager for
GUI. Easy with a desktop, difficult to do, but possible on Optimus laptops
with - so you need the right kind of integrated and dedicated GPU there - see
this guide
https://gist.github.com/Misairu-G/616f7b2756c488148b7309addc940b28.
Easy, but expensive route for a laptop, on a more modern laptop, would be to
attach an eGPU enclosure via thunderbolt and share/passthrough that to your VM.

If you are considering doing your VM's on a server then it's worth a look at
Unraid too - it uses QEMU/KVM under the hood but has some other advantages
too.

Edit: you are likely to lose a little GPU 2-3% due to vm overhead, but GPU
passthrough is as close to native as you are going to get. I've happily run a
high end VR headset via a Windows VM running on Unraid in the past.

~~~
pmalynin
I had a similar setup about a year back.

Running an Ubuntu Host with KVM, passing through an NVIDIA 970 to a Windows
host. Yea...the GPU performance was fast, but everything else was so slow
compared to running native. I think my biggest issue was with disk R/W,
especially when memory pressure went up from the VM the system bogged down to
a halt. After that, my biggest problems were with the fact that after the
Windows host turned off, the GPU was stuck in the weird state where you can't
reset it (I know it's a feature™ from Nvidia) and the Keyboard / Mouse would
flake since I would attach the whole USB root to the VM as well.

In the end just decided to install back Windows and not have to deal with it.

~~~
dijit
QEMU recently got multi-threaded I/O. It used to be single threaded and that
caused a lot of performance issues.

~~~
AstralStorm
By recently do you mean 2 to 3 years ago with a simple toggle?

Say hello to distributions not providing latest releases.

------
bcoates
If this worries you go ahead and disable WebGL too.

~~~
zokier
Frankly, might not be such a bad idea.

https://www.contextis.com/blog/webgl-more-webgl-security-flaws etc

~~~
mirimir
tl;dr

> However, to enable this impressive breakthrough in online technology, web
> browsers (currently Chrome and Firefox) have had to expose low level parts
> of their operating systems which previously could not be directly accessed
> by potentially malicious web pages, thus creating a number of potential
> security vulnerabilities.

------
mirimir
> One could argue that technically this component might not be considered
> attack surface in VirtualBox, due to the big warning put out in the
> documentation recommending against its use ...

Yes, that was my reaction.

~~~
barbegal
The current situation seems perfectly fine to me. In reality, lots of people
are using VirtualBox for completely trusted virtual machines so why not allow
3D acceleration for that use case?

~~~
mirimir
Can a VM with Internet connectivity be considered "completely trusted"?

~~~
barbegal
As much as a host with Internet connectivity can be considered "completely
trusted".

~~~
chii
I would have thought that vms allow the system to reset back to a known clean
state, so you can freely allow it to perform malicious actions such as
installing unknown wares.

------
whyagaindavid
If you do not need 3D, I strongly suggest moving to lxd. Using in kernel
security and it is very light. Couple it to zfs and it runs 100 containers for
a measly 15 GB RAM.

~~~
AstralStorm
In kernel insecurity you mean. Lxd escape is trivial, might not use a
container anyway if security is the goal.

Xen with driver domains and (only just started) similar support in KVM is
about the kit reasonable thing from security point of view. Maybe VMware but
that cannot be studied.

------
1996
The only valid safety model is airgapped computers, stripped of any networking
equipment, fed data only using dedicated thumbdrives coming from another
computer running a different OS

VM are a problem waiting to happen.

~~~
craftyguy
Considering all of the issues with usb, you'd be better off using floppy disks
or optical drives for data transfer to this hypothetical 'secure' system.

> VM are a problem waiting to happen.

Something something security threat model and personal risk tolerance...

~~~
white-flame
RS232 would probably be usable and convenient for said hypothetical setup as
well. Don't run PPP or anything; manually initiate transfers on both sides.

~~~
astrodust
You can pop a box over serial if that serial connection allows you to execute
arbitrary code. Buffer overflows happen in surprising places.

~~~
wahern
Of course. But the baseline stack of hardware and software for RS232 is (or at
least can be) significantly simpler. USB and Ethernet are nightmares by
comparison, and that's before considering the additional protocols that
invariably sit between those low-level transports and your application.

For a project idea I've been considering how to attach a sensitive (but
powerful) machine to the network with the smallest possible interface (in
terms of code exposure). RS232 is probably the simplest yet still functional
without getting into niche hardware standards.

On balance I think USB might be worse than Ethernet[1] or even Ethernet+TCP/IP
just because typical network stacks have probably seen more scrutiny than USB
stacks. But at the end of the day I know I'm going to want to use something
like seL4 to protect the application from the transport stack(s). And even
then you still have to worry about the hardware. There's a real dilemma in
choosing the simplest hardware that is still viable in terms of performance,
support (including ease of porting or writing drivers), and long-term
availability.

[1] Assuming a simple ethernet controller with all the fancy features disabled
or, ideally, not even present.

~~~
astrodust
Remember that someone found out how to exploit the Nintendo NES using only the
official _controller_ just by pressing buttons at very specific times.

https://arstechnica.com/gaming/2015/01/pokemon-plays-twitch-how-a-robot-got-irc-running-on-an-unmodified-snes/

