Qubes OS

What's wrong with Qubes? Why aren't all of you using it?

I used to think of security in terms of attack area (code size) patch speed (to known vulnerabilities in active development) and obscurity (sometimes programs that're no longer in active development). But I've thought that even though I have all of this open-source and auditable software: who is actually auditing all of it?

I don't see why you should trust code (open-source or not) that no ones auditing. You remember the phrase during the heyday of gamergate that went something along the lines of "Don't Trust, Verify then Verify Again"...well, that attitude should apply to your software. In other words if you haven't verified it then you don't trust it.

Qubes intends to address this by reducing the amount of trusted code as much as possible. And it seems to me to be an ideal OS for all the botnet fearing faraday cage building tin foil hatters on this board.

Why don't you use it? Why isn't it talked about here? Why shouldn't I set to work tomorrow morning on installing it to everything that I possibly can?

Other urls found in this thread:

media.ccc.de/v/32c3-7352-towards_reasonably_trustworthy_x86_laptops
libreboot.org/faq/#intel
qubes-os.org/doc/templates/debian/
stallman.org/stallman-computing.html
qubes-os.org/doc/system-requirements/
libreboot.org/faq/#intelme
qubes-os.org/doc/gui/
en.wikipedia.org/wiki/Hugh_Shelton
en.wikipedia.org/wiki/Jacob_Applebaum#Personal_life
blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/
trisquel.info/en/forum/librem13-fully-free-time#comment-74207
twitter.com/ioerror/status/612214488163590144
qubes-os.org/news/2015/12/09/purism-partnership/
mail-archive.com/[email protected]/msg43618.html
libreboot.org/faq/#librem
qubes-os.org/doc/verifying-signatures/
xenbits.xen.org/xsa/
roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
blackhat.com/us-16/briefings/schedule/index.html#subverting-apple-graphics-practical-approaches-to-remotely-gaining-root-3388
qubes-os.org/hcl/
web.archive.org/web/20070208025303/http://www.rutkowska.yoyo.pl/
itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869
qubes-os.org/doc/user-faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor

large attack surface.

Its pointless trying to sandbox software when the hardware itself is botnet.

May as well use your computer to its full potential rather than running everything in a hypervisor, because either way you're a target and using Qubes is like putting a bandaid on a gunshot wound.

There's a point where an amount of autism stops and requires more than autism to evolve into advanced autism.

My CPU does not support virtualization.
That is all.

Because it makes no effort to prevent getting pwned in the first place.
Don't get me wrong though, I think it's a nice concept.

My desktop hardware is not well supported by it. I need my full CPU and GPU for encoding, vidya and other tasks.

It is a good choice for laptops though.


The state of x86 hardware security is pretty depressing. But if we take up that defeatist attitude then we've already lost. Projects like Qubes and CoreBoot/LibreBoot are good first steps. The guys making the Librem laptops are petitioning Intel and others to improve the situation. I am looking forward to what they may accomplish in the future.

Here is a talk from the developer about how bad x86 hardware currently is if you haven't seen it:
media.ccc.de/v/32c3-7352-towards_reasonably_trustworthy_x86_laptops

I see people say this all over Holla Forums but I never see any proof.
I mean I avoid any new/recent tech, and there are now things like Intel's vPro spyware, but I'm talking about things that are supposedly unavoidable, as everyone says.

It looks and sounds like pubes.

Just keep your software up to date and keep flash and java plugins uninstalled. 99% of attacks will be thwarted.

If super hackers are targeting you, virtual machines won't save you.

What about moving towards other architectures? like ARM were any vendor can get a license and thus you can make sure the chip has no backdoors baked-in? or RISC-V to be extra sure of no foul play?

But Qubes isn't just about reducing damage from exploits.

Because I'm too lazy for all that shit. Ubuntu does the job for me just fine.

ARM seems to be the way of the future anyway with everything short of enthusiast or professional workstations moving to tablets like the Surface (yes, I know it's x86) or iPad pro types. Hell, I don't even have a real laptop anymore, just an Android tablet with a keyboard on it.

The license costs a bucketload of money I thought, but RISC-V is going to be opensource....

Software isolation is stupid.

If you want to isolate stuff, put it on separate hardware.

t. Theo the Rat

But in all serious, what reason besides cost or convenience would there be to choose software isolatin over hardware isolation? With software isolation you've got to worry about vulnerabilities in the software.

Large server running Xen, or hypervisor of choice.

I'm going to want to put things on the internet accessible device. Things that I don't want compromised (passwords). I'm also going to want to put things that are less sensitive on the internet, but strictly in my own terms (for example, don't want anyone making excessive demands for my catalogue of data).

Furthermore I cannot claim to be a libertarian while I refuse to share the means to liberty (banned books and so on). An element of risk is therefore self mandated.

Lastly, and "in all seriousness", just because something is airgapped does not mean it's invulnerable. Your computer takes in and throws out noise that's visible, audible, and electro-magnetic. The only solution to that is a noise cancelling faraday room.

It's good practice to lock down the software, just as it's good practice to lock down the hardware.

SystemD

Other than that though, I do like the idea.

It's not that software isolation is stupid, it has many administrative advantages, which is why OpenBSD is making a VM hypervisor now that they have the funding.

It's just that VMs for security reasons is a false prophet.

t. Theo


I still think containers are the best idea. If Ilumnos can have KVM then we should get Zones.

But don't virtual machines provide better isolation by isolating the kernel as well as the userspace?

The way I see it:

Linux container + kernel exploit = pwned

Virtual machine + kernel exploit = still isolated

Doesn't mean VMs are perfect, but it would seem like they're better than containers.


Didn't get the point of that whole paragraph. Yes, I know that the point of VMs/containers/etc is to protect information. But that doesn't change the fact that, as far as I can tell, hardware isolation is better than software isolation.


Duh. But just because something is potentially vulnerable does not mean that it is not less vulnerable than something else.

For example, you don't use Windows instead of Linux because Linux "is potentially vulnerable" to exploits, and is therefore (by your logic) no better than Windows. Just like you wouldn't use VMs over hardware isolation just because hardware isolation is also potentially vulnerable to some exploits.

The fact, as I see it, is that hardware isolation is vulnerable to less exploits than software isolation. Its attack surface is smaller. Software isolation is just as vulnerable to the compromising emanations you mentioned as is hardware isolation. But with software isolation you throw in the added attack surface of the hypervisor and all its emulated devices.

libreboot.org/faq/#intel

I've tried to use it. My desktop hardware isn't supported. It runs on my laptop, but I can't use wifi because there's no available driver for my hardware wifi switch (Perma hardblocked) and with only 2gb RAM it's pretty much unusable. Once I get enough money for a new laptop I'll install it.

The Issues with Qubes OS Right Now

WRITTEN BY SOMEONE THAT IS USING IT WITH WHONIX AFTER CAREFUL RESEARCH AND FIRST HAND EXPERIENCE

First problem: Xen.
It is is DESIGNED (though not originally), RAN and DEVELOPED by a community with a deep interest for cloud computering and server-based activities. It, itself, was never meant to be used as a security tool (dom0 degregation is rare as .FCK). The direction Xen is going with its lead, community and support might crash with Qubes OS devs in the future.

Second problem would be dom0's root file system limitation sandbox; very annoying to set self-destruct parameter and cleaning forensics on it - also have issues with software bugs, drivers, updates, USB/external and DE collusion amongst VMs right now. No deniable plausibility either. It is actually really crap.

Third problem = MISS JOANNA RUTKOWSA!
She's a cutie and her team members are also top chums with great talents but if she wants people to care about security, WHY WOULD she make an OS based on Fedora Xen (already easy to do by Holla Forums standards), call it Qubes, when really, it is just Fedora with Xen; why can't she just get people to learn to use Xen/Linux? Why does she need to be the middleman? Also note Qubes' hardware requirement is higher than vanilla Fedora Xen.

IMPORTANT IMPORTANT IMPORTANT

Finishing from the above point, she also wants to turn Jewtel Aviv's chips firmwares into a security bonus: instead of removing them completely like other GNU communities; what I mean is that she actually believe it is possible changing ME, TXT and &et cetera. into a security enhancement. Honestly... what the fuck? I know she's a SJW but does she secretly work for the Chosen people? Or does she actually have a good heart and believe it is possible? The augment against this point that "because there are no hardware available right now" isn't good enough, by resigning to just modifying more future and current Intel chips they will get lazy and give up in the end since they never can solve the issue with such thought application. The hardware compatibility partnering with Purism shows that they are already taking compromises.

Quaternis Consultationis: I don't trust anything ever. You shouldn't either. Use it and distrust it, and probe it and hate it until you find something better.

PRO: It is very very easy and user-friendly, and the hardware req. isn't too high or expensive. I like it personally... BUT... BUT. BUT!
I am an autist but suck my dick you antis

Fuck I accidentally a word!!!!!!!

I was talking about Qubes with a bro on Holla Forums some time ago. He told me that he was just using a stripped down, non-persistent Debian live image with virtualization software (You could obviously use any distro you wanted). He had his Whonix VMs on another USB drive. The idea being that you never use the Debian host system for anything other than running the VMs, and you'd therefor almost certainly never catch any malware. You'd only use Whonix. Basically, like TAILS but with virtualization.

I've tried this out myself and I really like it. Plausible deniability encryption on the Whonix USB, and build a new live image whenever important security updates arrive. It generally just seems smart to never mix your daily work/whatever with activities you want to keep private. Keep an entirely separate system for your private shit, and, when using it, only access the internet through the torified VM.

I guess you could also do this Qubes, but I've never tried running it as a live USB - I imagine it would wreck the shit out of your system unless you have a massive pile of RAM.

not really bro... if your computer/os/VM/hypervisor need more than 8GB it is probably compromised, bloated or it is simply shit

i run qubes fucking fine with 8gb

Why a whole new fucking OS though?

decent synopsis, you know you can replace fedora with whatever distro you want right? if you're willing to put the effort into it, anyway.

they have builds for debian here:
qubes-os.org/doc/templates/debian/

but yeah it's the least evil i've encountered, hypervisors are cool. also very simple to use. good to know someone's trying.

i like qubes.

because it's built off a hypervisor, not what's regularly known as an OS.

completely different architecture. basically qubes sandboxes everything. you can run windows and linux OS' side by side, natively.

I thought it was just yet another Linux distro with preconfigured Xen

no, it's a Xen distro, not a linux distro. Xen runs on the hardware, and virtualizes linux. and windows, and whatever else you'd want to configure it for.

Joanna basically just made an end-user product of Xen, and preconfigured it with fedora. Which is pretty cool. I use qubes for all my daily shit, intel can still remote into my PC but at least i can run flash in one VM and do my personal shit in another, easily.

Sure but I was never talking about it from a security standpoint, containers in practice can do much of what people use VMs for just in a much MUCH more scalable way.

You should check out some talks Joyent does on their debugging zones practices, shit is nutter butters.

its a shitty MemeOS like TempleOS or KolibriOS

Nigga please you have no idea what you're saying

enlighten me then

The security properties are great, but the other advantages of VMs are amazing as well. I love being able to pause and save state for any program I'm running.

the whole thing is designed to reduce attack surface and mitigate the problem if any individual component was compromised


except you still have all the regular security of linux


best argument itt


and don't open pdfs


xen bugs are rare and would destroy most cloud provider's security at the same time. i don't think anyone's burning one on you


qubes is just xen with some management shit on top to make it play nice. copying between vms and shit


good post
state of antiforensics on the machine is shit atm but that's not the problem she's trying to fix
qubes > (fedora+xen) because of all the desktop integration shit (i never tried f+x on their own so can't say how much better). the gui colors and cross vm file transfer stuff is cool. you don't even have to trust the filesystem to store your vms.
if you don't trust x86 at all though, not sure there's much an os can do for you

What is there for a poor marginalized natsoc member to do against such advanced threats?

stallman.org/stallman-computing.html

sorry bud. this is your new life from now on

There's a Xen logo in your image. It has to be shit.

Sorry guys, it looks like you're hosed.

*in your email client

I no English good today.

That's a lot to me... My most powerful machine has 6gb of RAM, and its hardware is incompatible with qubes. The only machine I own that can run qubes has 2gb of RAM which renders the OS unusable.

That's a lot to me... My most powerful machine has 6gb of RAM, and its hardware is incompatible with qubes. The only machine I own that can run qubes has 2gb of RAM which renders the OS unusable.

Is it possible install qubes tech (lightVM and patched wm and whatelse) separately from Qubes OS?

hdd's

i run qubes on an i5 w/ 6gb ram, no problems. you do need at least 4gb ram though.


and run them on what, arch? good luck, i doubt it. just use vm's on whatever you want to run.

VMing everything requires too much power and resources for my weak machine.

VMs are heavily exploitable

Xen seems pretty secure man, it's a straightforward concept and this OS does it well.

bumping because this deserves more attention.

orly? can you show us how?

I have an i7 (~5yrs old) and 6gb of ram and an R9 290. It installs fine, but is utterly unusable; lag, extreme screen tearing, cursor hangs for several seconds at a time, etcetc...

It's bloated and requires better hardware than I have to run acceptably. It also, AFAIK (though feel free to correct me), runs only on x86. It's a problematic architecture from a security perspective.

I understand the user-friendliness argument in order to try to build a userbase, but I don't think KDE is an appropriate standard DE for a supposedly secure OS.


See above.


See above.


There's a Qubes thread at least once a week. That's not counting all of the mentions in other threads.


Nobody cares what you do or don't do.

ludicrous, of course it runs on amd64

You don't have to use KDE, you can use XFCE. If you don't like either you can log into dom0 root yourself and change it manually

yall are just lazy

I wonder if it would be possible to create something similar to Qubes OS, using KVM and OSv instances for programs.
Is it possible for KVM guests to rely on the host's drivers, so that they drivers are just making requests essentially?

I've never heard of OSv.

Huh yeah I dunno. I'm on a t410, i have had 0 problems with qubes thus far (beyond obvious stuff like setting up printers etc)

here are the system reqs, see if you're missing anything qubes-os.org/doc/system-requirements/

I'm currently running hardened Gentoo.
Is Qubes OS more secure than this?
I've heard security through VM isolation is a flawed concept (see Theo).
Are there any rigorous analyses comparing these two approaches to security?
I don't want to be a rube, getting cucked by black hats or governments.

Sounds like a driver problem tbh.

first i gotta say, as far as staying anonymous on the net goes, abandon all hope, because there is no getting around the gov't when you go online regularly. As long as computer parts are manufactured by a gov't regulated industry there are going to be so many proprietary blobs on your hardware that it's impossible to know what is and isn't on your computer, regardless what OS you run. Read more here: libreboot.org/faq/#intelme
tl;dr post 2006 intel has the ability to remote into most computers using their processors. I can't imagine it's difficult at all for the NSA or whoever to get access to that.

As for security, I personally don't know the process behind a hardened kernel/distro, but my gut feeling says that security-by-isolation is better if not worse. Say you run firefox, sure firefox might not have any r/w privileges to any sensitive directories, but it's still one of the most insecure browsers out there (mostly due to its popularity), think about what you're risking when you run FF on your machine. However, with qubes or any virtualization software, I know that even if my FF install is compromised, so long as I wasn't using it for my online bank or cryptocurrency or whatever I don't really have to care, because i know the chances of it breaking through the virtualized simulation and rooting my computer itself are slim to none.

The main philosophy behind security-by-isolation is that you keep your slutty browsing containerized in one vm, and do your important, work-related browsing in another with software you trust. Torrent on one, bank on the other, like that. Rather than mixing all your shit in one OS which is exponentially more likely to be compromised over time.

so yeah that being said, i'm really impressed with qubes, they did a really good job with it and continue to do so. it's pretty much just one huge VM manager using fedora for the OS/DE/user interface. try it out.

i should clarify, qubes virtualizes the components of fedora that allow you to get wifi and everything else, pic related. basically you load an OS into qubes and it uses it as a template to then virtualize whatever components you need (notice the netvm is red, and the wifi icon in the taskbar has a red box around it)

you could build your own template if you wanted, so far they support fedora and debian, with volunteer builds of whonix (which works really well btw), ubuntu and arch. ITL also maintain tools to run windows in qubes as well, which is fuckin killer. might actually make me buy a license for once.

Fuck dom0's sandboxing honestly
taking a screenshot with Ksnap and moving it is so annoying

security vs convenience. copypasting is annoying af too but there's not much can be done

screenshots are annoying yeah, seems to be restricted to each VM window. makes sense why it wouldn't work.

So is Fedora dom0? Because if so, then I don't see how this OS can be considered very secure.
If it had a kernel with PAX patches in dom0, then it would be more convincing.

So it uses KDE?

dom0 doesn't touch the network at all. you only use it to run kde and launch the other vms. that's what makes screenshotting such a pita. the other vms let you share stuff between them pretty easily but not dom0 because nothing's supposed to run in there. the whole system is built to be safe even if a single vm got popped but if dom0 was owned that would be game over

can make it work with xfce but yeah kde is default. it uses a custom kde theme that changes window colours depending on security context

...

Not that guy but can you elaborate on the reasons you feel KDE is shite? On a powerful rig I've only had good experiences with KDE.

I thought dom0 controlled access to hardware, so how does it not touch the network at all?
Doesn't it have to provide access to the network controller to all the other VMs?

even the hardware is isolated. it uses directed I/O (VT-d) to run the drivers inside a network VM. it means even if someone had a wifi driver exploit they couldn't get onto the rest of the machine. and then you can chain together multiple network VMs for extra fun

the docs make a big deal about not using dom0 for anything

Doesn't support my hardware.

Will this sort of thing be compatible with Wayland, where the client program draws itself rather than a server drawing all clients like with X11?

at the moment each vm has its' own isolated x-server so i don't think wayland would make a difference

[would you like to know more?]
qubes-os.org/doc/gui/

during installation it gives you the choice of KDE or XFCE

i'm on XFCE, no real complaints.

Hey I made the long post earlier in this thread...

All I want to say is that Qubes OS and many systemd variant are compromised (including Debian's Whonix/Tails sadly)

Do not trust it

Whonix might switch to Devuan later on... but I think Tails is finished...

Jacob Applebaum works/for with Purism (which is a secret NSA/distraction project that seek to fragment our movement) and heads the Tor project or at least as its main PR...

We're fucking smoked honestly

All in all, Qubes OS = Fedora = systemd = RHEL = NSA, which supports Purism = NSA; anyone that supports systemd or Purism are quarks

also this guy is the head board for Red Hat/Fedora

en.wikipedia.org/wiki/Hugh_Shelton

lmao boizz

Can I just say Applebaum is also Jewish

en.wikipedia.org/wiki/Jacob_Applebaum#Personal_life

Can you give something to back your claims up? It would be helpful.

Coreboot/Thinkpenguin on Purism

blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/
trisquel.info/en/forum/librem13-fully-free-time#comment-74207

twitter.com/ioerror/status/612214488163590144
qubes-os.org/news/2015/12/09/purism-partnership/

You need to know about init/systemd/Ian Murdock to understand how RedHat is actually ""backdooring"" Linux, but I am assuming you to be the an OS based on Xen guy, so you probably lack the technical knowledge... Xen is an added mircokernel to a Linux/*nix Dom0... there is no such thing as a """Xen OS""" and systemd itself is basically a monstrosity like GNOME 3

Research that on your own and come to your own conclusion, Whonix creator Patrick already voiced concerned about Tor/systemd on various mailing lists.
Redhat is long associated with the US gov./NSA: they have multiple government contacts and renewal each year...

Look at SElinux, and MAC which is basically governmental backdoor that Linux personally coded in wayback in the late 1990s (when the Linux Kernel became non-free with blobs) yes the Linux kernel is non-free, now you know

What does Ian Murdock have to do with systemd? Didn't he leave Debian long before systemd was even a thing?

How does Librem not being completely free make it as bad as you claim? I'm not a fan of the whole thing, because I do think it misrepresents what it is. Whenever it gets brought up in a positive context I explain what's bad about it.
But Purism laptops are still better than your average laptop that comes with Windows. If they optionally come with QubesOS that doesn't make QubesOS bad.

It sounds like you're implying that SElinux has something to do with blobs in the Linux kernel. It doesn't. They're separate issues.

Is it not possible to replace the default dom0 template (Fedora) with something else? I'm not sure how libre Arch is, but there is a volunteer-made template of it available for Qubes.

And yeah, we are fucking smoked...

look at what specifically? how is it a backdoor? you're vaguely implying it's insecure while also avoiding actually saying anything.

let me guess, you're implying they're all jewish?

give us technical information or fuck off back to >>>Holla Forums

from the linked article
here's a guy from Purism contacting the coreboot mailing list in august 2014 so that's bullshit for one thing
mail-archive.com/[email protected]/msg43618.html

oh shit he's also a director at Anheuser Busch
Budweiser confirmed NSA distraction project

great taste jet fuel can't melt less filling beams

"""He""" ""committed"" ""suicide"" shortly after he was found out to be helping, or expressed a desire to help with the Devuan project :)

lets be fucking honest here, they fucking killed him


lol you kids are so fucking stupid, you think Snowden ever STOPPED working for the NSA? Of course not, he's a marionette

Yeah Todd was just snooping there, did he, himself or as a CEO of Purism ever made actual, legal, business contact or in-depth inquiry? Of course not, the Librem's """"Coreboot freeing"""" was done by a Google software developer.

libreboot.org/faq/#librem

Nigga, SeLinux/MAC ARE the blobs in the kernel, or rather two of MANY

...

I bet you think MAC stands for Macintosh.

Do you happen to have a source for that? I can't find anything that was written before his death. All I can find was Devuan people considering him the spiritual father of Devuan because Devuan is the "real" continuation of Debian, and even that was written after his death.

You don't know what a blob is.

A blob is a piece of the kernel that is not free software. Usually, the source code is not available. Blobs are firmware or drivers that the manufacturer doesn't feel comfortable releasing.

your technical knowledge is wanting

a blob can be a low level code existing within any kernel or program which is complied or have its majority of lines written by a higher level language/code or binary as well (which is almost impossible to read/reverse engineer if it was written in an obfuscated way, eg: C/assembly can hide within another part of a larger program written with php), firmware blobs/software blob are just the easy name for plebs like you to understand what's what

and no low level code doesn't always mean assembly """languages""""

Haha, are you seriously doubting an organization that can break international jurisdictions in pursuit of their own goals can't kill someone and make a mockery of his death easily? NSA have the resource that enable them to tap and redirect underground-sea cables directly into their domain (for a number of years), you think they can't fuck Ian up if their boss allow them to do it? They'll do it gladly, all servers using GNU/Linux are a net-lost for the techno-military complex since they don't go to a puppet corporation for support and have the ability to fix problems it themselves.

If they can cut into fiber optics, they can probably fuck with satellites as well.

Honestly we're all fucked, nano-tech is coming, VR is coming, Ultra-GSM ray are coming not sure what can be done at this stage

Move carefully and distrust everything

It sounds like you don't know what free software is.

For something to be free software, you need to have access to the preferred form for modification. What you're talking about is not the preferred form for modification, so it's a blob according to my definition.

Is SELinux an example of that?

The Linux Kernel is not completely free

do u git it now?

u can google linux libre ok


"Don't trust this security faker, and don't trust the next one."

I know that. I never claimed it was completely free. All I claimed was that SELinux and blobs in the Linux kernel are separate issues.

If you can't see the point of the post was how stupid it sounds to kill someone in a contrived way because of something irrelevant, there is no hope for you.

Last I checked, SELinux was non-obfuscated C.

Oh you're so full of shit.

Even if purism is a kickstarter scam like anonabox, what does that prove? Some guy is out to make a buck. Qubes involvement is to let them sell hardware with a 'Qubes compatible' sticker on it.

This thread makes it sound like Joanna and Terry go to illuminati meetings together.

Yeah, great. We know spies kill people. That's not the crazy part. What's crazy is a mentally ill guy who killed himself being a target of the NSA because he worked on some random OS project. If you believe their murder threshold is so low there should be a lot more dead devs in the world.

He was not mentally ill my friends, that is the scary part, I know none of you can stomach this... but. you have to in the end

they have us by the balls and our children's too


For SeLinux to be compatible on almost every major distros and so easily implemented by even the most dumb-brick user means that the kernel itself already have codes that aids in the acceptance of it being blobbed

my friends please... you're making me want to go use overchan.2
blya

and what are you basing that on?
he had what looked like a psychotic episode and you're trying to say that government conspiracy is much more likely than it being a genuine psychotic episode? get to fuck

gonna need a source for that statement, hoss

fucking derailment, can we get back on topic?

bumping because i want to hear more opinions on this OS. running it currently and am very pleased, although I lack the skills to audit it.

frankly given the situation outlined by , it is to be acknowledged there is no way to completely outmaneuver the NSA (other than never going online), all I'm curious about is how effective compartmentalization of processes is at running a secure environment.

Mainly I'm interested in an OS I can run cryptocurrency wallets on. I doubt the NSA is going to steal my bitcoins, but other people are. Having a secure VM one the same machine I browse 8ch with is handy.

Its also nice being able to run different OS' natively.

The no Anti-forensic problem is huge actually

because in a situation where you easily break into a system - but it has no trace, that is somewhat fine, they can delete everything, keylog etc, but you can set up a parameter that detects that your system it has been tempered with, so you simply physically destroy it and get a new 50$ thinkpad

but in a situation where after a massive struggle you, as the hacker, break into a system, and it has a dom0 with all that shit in it, you've basically fucking won - since Qubes doesn't allow you to set up Anti-forensic in it or even a security system to detect intrusion

it simply tells you: 'hey! you got anti-evil-maid, you got net isolation, you got compartmentalization, this is the only way, since anti-forsenic cannot be trusted at all, you shouldn't use it and we'll disable it.'

also note dom0 doesn't allow you to wipe ram as well, if the cops come in, hibernate it and reboot it at the lab they can basically reproduce everything you done in that particular session

holy fuck man i just want to be a good goy citizen tbh fam..................... why i can't enjoy my nikka and lera at ease FUCK

also note that though the FBI hunts pedos worldwide, they protect Dick Cheney and his pals everywhere especially in Thailand and Bali

also note that encryption key standards are chosen by the NSA, and the random key generator in all encryption software actually use pseudo-random-generator

also note that Hillary Clinton does not use Encryption, her emails can leak, her whole server can be broken into, but she can do anything, and she's still running the white house with her pals
==she'll always be free because haha f u c k a y o u c kay u r j u s t a f u c k i n g s l a v e p l e b==

dubs pls

your post is confusing me because you use the first person pronoun "you" to refer to the attacker and the defender in the same sentence

you seem to be talking about intrusion detection features for catching remote attackers so what would be the benefit of anti-forensics in that situation?

what specific features does qubes disable?

unless i'm missing something antiforensics is only useful for deniability if the cops come (in which case you've already fucked up)

you really think it's better to have shit security and get owned (but know it) than strong security that will stop almost all attacks? that doesn't sound right to me. unless you're important enough to burn a xen privesc, no one is getting into dom0 in the first place

Have you even used Qubes before lol

me or this guy?

this guy ain't neva even used da pubes b444

i also love how qubes verification process doesn't have md5sum, sha1sum, sha256sum and sha512sum and just have a digest and key cause just trust us you dumb fuck!!!!

are you fucking retarded? are you that same dipshit from the tails thread that doesn't understand digital signatures?
the digest has a sha256 in it


[would you like to know more?]
qubes-os.org/doc/verifying-signatures/

even though people like are ultimately correct, the attitude of the qubes team is really refreshing. most other distros are infected with sjw bullshit, these guys are totally redpilled.

gotta say i'm really impressed with this OS.

OSv can be used with Xen now (used to be KVM only).
This raises the question, why have a full Linux stack for each VM and not just one application or driver built on OSv for each VM?

Have you read Joanna's Blog?

She's a huge edge-power-level-SJW on another level.

this is funny since she literally invented blue pill virtualisation attacks

show me. all i see on the blog is tech stuff

nah, you're full of shit

She must have changed it then

I remember her having some insane-bat-shit about veganism and equality/combating against oppressive countries like russia or some shit

bump

yeah dunno where you're coming from. hell watching some of her presentations she isn't afraid to call something stupid when it is. she's the kinda lady i'd enjoy a bdsm relationship with.

in any case, it's a lot less bullshit than you'll find in most other mainstream linux distros.


started using qubes to run some cryptocurrency wallets and everything is going really well. still having issues creating a separate internet tunnel so I can send only specific applications through my VPN.. other people have done it though so it's just me/my setup.

this is shit

just wait for openbsd to have virt and use that instead

touching systemd-based projects is suicidal at this stage

...

does arch use systemd? there's a community build for that, if you want to replace the hardware-accessing OS (fedora by default) with something else.

bump, this os needs more attention.

I'm running the saem. I think for the most part hardened prevents malicious code from compiling. This is it's security feature I would imagine.That is to say, the malcode in question actually needs to compile and can't just run as is.

Seems to be going fine for everyone else but *BSD faggots
Being a paranoiac retard doesn't mean you're right :^)

edward snowden shill this so fucking hard
obviously its honeypot or compromised since he's nothing but a marionette

in Qubes, the space that manages the virtualized applications (dom0) has no network access. For all intents and purposes when you run Qubes you're operating entirely within a sandboxed environment. That doesn't happen with vanilla distros, unless you go balls deep customizing it with things like AppArmor, in which case Qubes is still better as it does that by design and uses far less lines of code (potential bugs/attack vectors) to do so.

again, look at the pic here

You'll see most every process that makes up the UI/UX is virtualized, most notably network access. there is no direct interaction between the Apps you use and the hardware on your computer. sys-net is the one exception as it has access to the wifi/ethernet hardware, but the net connection is tunneled again through a virtualized firewall before it reaches your virtualized applications. in order for some malicious code to compromise your physical machine, it would have to break through the virtualized space and worm its way through the virtualized containers until it reaches your actual hardware/other appVMs. Handy, when you have firefox with all your favorite shitposting addons in one VM, and vanilla chromium in another that you only ever touch for logging into your bank account.

i'm no pro, but i feel better running qubes than I have on any other distro. it's a huge step forward in bringing security to userland.


could be, it is open-source so i don't really see reason to care in that regard. Intel can remote directly into my hardware and read my RAM at any time so like.. fuck it. At this point all I can care about is running a secure environment that i can shitpost/fap on. If the NSA/government were interested in you enough to track/find you personally, running a secure distro shouldn't be your priority, getting the fuck out of their jurisdiction is.

Qubes can probably run on a libreboot'd x200 though. That'd be pretty awesome.

Intel ME/vPro is unavoidable and unpatchable

gonna keep this thread bumped

buhmp

I'll bite and give you a serious answer.


This is definitely a fair point. Auditable doesn't necessarily mean audited.

The only way to guage this for yourself is to dig into your system's internals.
That means looking at your kernel and understanding it. And that isn't
something that a task that most people are even remotely capable of.

With that being said, the important parts of the Linux Kernel have a *lot* of
eyes on them. Relative to their codebase, the same can be said of BSD
distributions. (Perhaps even more, due to the fact that they share a lot of
code back and forth.)

But for smaller projects that your system runs with priviledges, yeah, you're
in trouble. And you're right to say that keeping the attack surface small is
a good bet.


That's mostly an agreeable statement.

Keep in mind that a lot of the functionality of Qubes is provided through
proprietary, closed-souce Intel option roms.


...You realize that Xen is software, written by human beings, running in
ring0... right? Xen doesn't have that great of a record, either:
xenbits.xen.org/xsa/

And to take this further, not many people are running Xen on their personal
computer. The large majority of Xen users are in a datacenter, eg: AWS. Anyone
who has worked on kernel drivers knows that this shit is not simple. When you
start using Xen outside of its common environments, you're enumerating edge
cases.

Joanna got a lot of flak when she chose Xen for her idea of hypervisor based
security. And frankly, the majority of my problems with Qubes are related to
Xen and the way that it is trusted.


The idea itself is not bad.

The way that Qubes lets a user logically isolate the different parts of their
life is useful. If you regularly use Tor, I think you should use Qubes. If you
want to try and mitigate the ability of having your machine fingerprinted,
Qubes is not so bad. Doing IOMMU pass-thru to a VM for your machine's
networking makes it really easy *as a user* to be sure that you're not leaking
DNS requests, for example.

But a frontend for the sake of allowing users to logically separate their lives
doesn't rely on an "isolated" ring0 hypervisor. Not for IOMMU NIC passthrough,
and not for keeping dotfiles separated.

If you're analyzing malware, I'd be really skeptical of the idea that someone
can't find a way to break out of Xen. And if they do find a way to break out,
Xen does nothing to help you. It's all or nothing... So how is that better than
a monolithic kernel that tries to be secure in ring0?

If you look at OpenBSD, for example, they have W^X, pledge, and ASLR. If you've
studied software exploits, you should be able to understand how those make
things difficult.

The real issue that I have with Qubes and Hypervisor / Containerization as a
security practice is that it's peddled by people who see it as a magic bullet.
To loosely quote Theo De Raadt, do you really think that the people who can't
write secure operating systems can turn around and write secure hypervisors?

Systems programming is really really really hard, and people who stand on their
shoulders are blind to it.

That libreboot faq was enlightening. Thanks for the link/info and fuck intel.

So you're saying it's a good idea that doesn't require a hyporvisor to give the same experience to the end user, and that current virt technologies are shit for security since they are x86 and not a cleaner architecture?

You know what's funny? It's been 137 posts and no one mentioned that Joanna is a trap. The sources on that are mostly removed, but if anyone cares enough, I can provide some proof :^).

Kind of.

I'm saying that the way Qubes provides a framework for users to classify their
identities/tasks from each other and isolate them *mentally* is a novel concept
that I think should be adopted by other operating systems -- not for the sake
of memory safety (which was Qubes inspiration for this pattern) , but because
this is a good security practice for someone trying to remain anonymous online.
Tor can only keep you hidden as far as you don't leak your own identity.

(The more I think about it, what I really am arguing for here is plan9-style
namespaces / union directories.)


Sure, there might someday be a hardware that actually can gaurantee security
benefits through virtualization.

But that's not an inevitability. The irrelevance of virtualization in this case
is not a direct shortcoming in x86, or something like that. It's just the idea
that someone in Ring0 is responsible for memory safety, whether its a
monolithic kernel or Xen. Unless the hardware provides extensions to make it
possible to guarnatee safety, which would be a fairly big leap, we're stuck in
a software design situation where you have to worry about limiting the damage
that someone can do with an exploit.

*and xen doesn't implement many mitigations to limit someone with an exploit.

It's a shitty meme niche OS, there's no point in using it over shit that isn't retarded.

go on then. this gets brought up from time to time but i figured it was just r9k shitting on her


back to your browser thread, fucknugget

Your arguments are more about hardware insecurity in general, rather than how it relates to Qubes. And you're right, a good majority of computers out there are insecure by design.

However Qubes does a good job at providing a virtualized front-end for communicating with the internet. The machine might be insecure to intel and other high-end spies but having a layer of insulation between the Net and the machine itself is worth it. More security than you can expect to get with any generic distro.

No, I don't think it's fair to say that.

I don't like that phrase you're using, "hardware insecurity." That phrase gets thrown around with regards to trusted hardware and vendor blobs and physical security and whatever, and while that is a topic that is hard to argue for Qubes, I'm willing to totally concede that spectrum of problems. So let's pretend that intel open sourced all their blobs today, and we audit them, and they're squeaky clean.

My problem with Qubes, and the argument I made in my above posts, is squarely around on the idea that virtualization alone provides a meaningful abstraction for the purpose of providing memory safety. This is the claim made by the Qubes crowd. I don't buy it!


This is exactly the argument I made... The benefit is that it makes it easy to implement safeguards so that you don't pwn yourself. (But I don't think that's unique to virtualization.)

If you play around with a Qubes livecd, it's really natural to separate your life into domains. That's a really good development for identity hygiene, which is something that few people think about until it's too late. Inb4 Ross Ulbricht.

Passing the NIC through to the VM makes for a useful sense of separation. It even makes your machine harder to fingerprint. It also provides for a mental sureness that your LD_PRELOAD hack isn't leaking your IP.

And that's useful.

But don't kid yourself into thinking that this *also* provides meaningful memory security. It doesn't /guarantee/ anything that a monolithic kernel can't. It just adds another layer-- a layer which can have bugs.

So to reiterate again, Qubes has good ideas, but it makes claims about isolation that are dependent on code quality, which is true for any of our current operating systems with a monolithic kernel. It's not a meaningful fundemental development from a design standpoint. That might not be true forever, eg: if the ISA is designed around it, but it is right now and will be for the foreseeable future. (why? Because ARBITRATING BETWEEN SOFTWARE AND HARDWARE IS EXCEEDINGLY DIFFICULT. Go to a random article on osdev if you think otherwise.)

Qubes is worth checking out. The ideas it builds upon wrt mental-isolation will almost certainly end up in other systems. Qubes is probably worth using today if you need to use Tor regularly.

But the claims that virtualization fundamentally provides security are dubious at best.

Excellent rebuttal, your argument would be to only run open-source software that's been heavily audited? Qubes is still pretty young, its only been out since 2012.

I get that software everywhere has bugs, known and unknown. No matter WHAT you run there's gonna be a weak spot somewhere. Taking that into consideration, Qubes gives me what I want, I switched to it from Debian and not much has convinced me to leave.

POST JOANNA'S TRAP/TRANSITION PROOF PLEASE

Xen and Linux has never even been audited, not once
neither has systemd, but I think OpenBSD is audited

what does Holla Forums think of this
A Unikernel Firewall for QubesOS

roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/

blackhat.com/us-16/briefings/schedule/index.html#subverting-apple-graphics-practical-approaches-to-remotely-gaining-root-3388

saving the qubes thread

likewise, still using this OS as my daily driver, love it.

Nirvana fallacy.
You can still do your best software-wise, and if you do you'll be safer than those who didn't, even if it doesn't stop every possible attack.

ITT people trying to securely run shitty broken software written by

It's xen with a fedora interface you cock, that's it. Two very highly audited and secure pieces of open-source software.

%80 your post is just shit. NSA shill, please fuck off and get a job that's actually good for humanity.

Qubes is great, and the team behind it are seriously smart, watch their CCC talks.

Haha nope. It's fucked beyond all repair. Mossad Inside & PajeetDos 10 or JewHat gnuuu. Oy vey.

this. honestly they're doing some of the best security research in the world at the moment. instead of trying and failing to get vendors to stop making shitty applications, they're redesigning the whole os so it doesn't matter

Why won't this thread fucking die already

What are some pros and cons of using Qubes instead of running things in VM on Gentoo (or some other minimal/non bloated distro)?

look at the image posted here

Qubes is type 1, it's actually a Xen distribution, not a linux distribution. Xen is what's supporting amazon's AWS so I'm fairly confident it's secure code.

If you're really anal about preventing cross-contamination (read: stupid users) between the gentoo base and your virtualization software there isn't much difference, however Qubes is built to do this so it's much more effective and reliable from a security standpoint. Also, if your hardware supports it you can create a tunnel from your networking hardware directly into the appVM's, making dom0 effectively airgapped. You'd still have to run networking through Gentoo, into the virtualization software. This is a huge benefit of Qubes, and I think may be causing trouble for NSA fingerprinting and tracking practices.

Check the hardware compatibility list to see what's most important hardware-wise: qubes-os.org/hcl/

Isn't a woman involved in developing it?

don't you get tired of being retarded?

You have radeon acceleration enabled. I faced this exact issue on my desktop, but not on my laptop that has an Intel GPU.

Put radeon.noaccel=1 on your kernel command line, also you can set 'Option "NoAccel" "True"' for your GPU in xorg. This fixes the problem.

???????????????????????????????/ WHERE ARE THE PICS?

bump


pros:
more secure
cons:
no 3d acceleration


it's made up so guys like don't have to admit that competent women exist

Nah, I'm that guy who posted above you. I read her wikipedia page edits and the talk section. There was a revert war between two users in the same subnet range so I assume two poles, one of which was definitely Rutkowska. That, along with a mysterious Jan Rutkowski character and whatever else, I think she's a trap. I don't really care though, I was just curious.

Qubes with Whonix is something you would use for daily, non-sensitive activity. The reason behind it are fingerprinting techniques (which penetrate the VM layer) and hardware vulnerabilities.

There are tons of known fingerprinting methods for people running shit through VMs, though the common attack angle is the browser (or other things, depending if you run enterprise apps or not).

Secondly, hardware is hard to mitigate.

These both factors make you assume that everything is compromised, even if we don't know it.

The best solution for IT security is not only throw-away software (VM's, re-installs, isolation) but also throwaway hardware. The latter one is easy to achieve, as you can slap linux + [insert hardening] onto pretty much all hardware, no matter how old.

This leaves you with a few common strategies:

pleb level: buy few RapeBerries

advanced level: buy used PCs from craigslist

cyberpunk level: buy components like motherboards and plug them together without any case and throw away what is needed.

My desk looks like a clusterfuck from another dimension. It's just budiful.

what does it actually mean when cpu "supports" it? What does the hardware do when you run virtualized. I thought you need some kind of interpreter/recompiler to emulate cpu.

refer to this qubes-os.org/hcl/

oh shit, you're right
web.archive.org/web/20070208025303/http://www.rutkowska.yoyo.pl/

so are there any really talented female hackers? for some reason girls in Holla Forums always seem to be autistic lesbians or traps

or it could be that she posted as a male so other hackers would take her seriously

Qubes is great to carry around on a thumbdrive.

How well does it work using it as a liveusb??

givin 'er the ol bumperoo

But that user is wrong, the entire Fam15h family and other "server" family cpus aren't PSP, let alone PSP and ME aren't equally as bad

Holy Fuck!
The NSA funded her Male to Female transition and she has been blue-pilling poor folks' puters ever since
We've lost the war against Big Brother.

Actually maybe they killed the original Jan and replaced him with Joanna

Also why won't this thread fucking die already

I don't know, my downvotes don't seem to be working.

How is she a SJW?

Qubes is good, I just have a minimal system and Qubes is too big and slow on my hardware.
If Qubes was done witj XFCE I would iss it all day.

Lucky news for you, with the transition of KDE5 the main devs got pissed off at it and Qubes will be run on XFCE only in the next release. The prior release also has an option to install with XFCE alone, or with KDE as well.

HW requirements are still high though. If you have to ability, you can edit boot parameters to set dom0 to use 512MB of RAM at a min (compared to current 1GB) and customize your networking VMs to be about 150MB~ RAM each. I suspect with 4GB of RAM you can pull off 4-5 AppVMs to play around to use for work, irl whatever.

itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869

Already been patched by Xen/Qubes developers, just update dom0 using the VM manager GUI.

If you think the hypervisor that supports AWS is going to be left compromised you're a real dumbass. This software is fantastic. I've got debian for all my shitposting, whonix for a tor tunnel, a proxyVM to connect to VPN through the tor tunnel, fedora as a relay between network hardware and everything else (as is default setup), and an HVM of win7, all on one desktop and all compartmentalized from each other, and all with committed dev support. It's great. Fuck you.

No shit it's patched, that's why it was made public. This is the second such exploit in a short period of time; how many more of these are in there?

Has Xen been audited at any point? If not, why are you pretending that a hypervisor which has repeatedly been bypassed is going to make your system magically secure? Frantically applying duct tape whenever something breaks is not an approach to security but grade A retardation, and advertising an OS on that basis is maliciously careless.

You do realize that argument applies to 99% of all used software? By your logic you should just never touch a computer.

I get there are advantages to using openBSD or something simpler than a hypervisor from a purely security-wise perspective, but as a balance between adaptability and security, this is pretty nice. I've never made the claim it's %100 secure. I do however, get the benefit of some of the best support out there.

If you wanna bitch about bugs go audit it yourself, I'd be interested to know exactly what you're running and whether you've personally audited every line of code in it. If not you're really just being hypocritical.

So what if other software is horrible, too? Serious question, what argument are you trying to make?

I'm not bitching about bugs, I'm bitching about the fact that the security of a self-proclaimed security-oriented OS is based on a complicated piece of software that has never been audited and provably does not do its job. There is nothing wrong with security through isolation per se, but Qubes' implementation of it is plain silly.

No need to accuse me of hypocrisy by the way. I am not selling my setup as a secure OS, and I do audit it bit by bit (or, as a substitute, replace things by audited software).

I can't really respond to your point re: adaptability vs security because adaptability is pretty vague. What concretely do you like so much that you would sacrifice your security for it? Privilege escalation isn't a small issue.

Well I can respect being paranoid about security, but there's a point where you just have to trust the developers of the system you're using. I guess I could go full Terry and build my own system but I'm nowhere near smart/skilled enough to do that.

I would identify myself as a casual user rather than a poweruser, I don't go all out ricing my system, when I need something specific I follow the documentation to get it. Qubes gives me what I want, with the confidence it'll be kept updated/functioning/secure on a regular basis. And that's really it. There are bugs in Qubes. There are bugs in OpenBSD. There are bugs in the linux kernal, and whatever the NYSE runs on, and not to mention the whole world of social engineering. Xen/Qubes has stellar support, and provides me a reasonably secure environment to use everything I need out of a PC.

As for Xen, since it's open-source AND the backbone for major companies businesses, you can imagine their security teams are far more vigilant in keeping Xen secured than a volunteer team is at securing say, Debian. Xen breaches are quickly identified since there are paid security teams monitoring it 24/7. I'm nowhere important enough of a person to be targeted, it's gonna be AWS who suffers, and they'll patch whatever holes quickly and I'll get those patches as well. It is a cumbersome system security-wise, but the fast updates kind of negate that. You just can't get better support than a paid security team like that.

Also, they discuss their choice of Xen here: qubes-os.org/doc/user-faq/#why-does-qubes-use-xen-instead-of-kvm-or-some-other-hypervisor
I haven't read it nor care to, but if you're this passionate about it you might find something interesting in there.

If I were some important dictator I'd be using software/hardware specifically built/maintained for a single purpose, pic related, the presidents phone is hardened by the NSA and whoever else is on the unlimited gov't payroll. Qubes is great for general-purpose use. It's really easy to run Windows and Debian in separate containers, which I can kill without having to restart the computer. It's nice to work within a fully virtualized system. But I wouldn't use it if I were a bank and had to manage my accounts.

My argument is that Qubes is damn useful, and reliable. You're arguing it's insecure, which is fine and is something everyone should understand about computer systems, but if you're thinking I'm advertising Qubes as some kind of impenetrable computing fortress you've misunderstood, nothing's impenetrable, Qubes is just reliable software that's comfy to use, so I use it. Again, it's not the most appropriate thing for mission-critical stuff, but as a daily-driver it's excellent.