←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 1 comments | 19 Nov 17 16:06 UTC | HN request time: 0.204s | source
Show context
magnat ◴[19 Nov 17 19:48 UTC] No.15735557[source]
Joanna's (Qubes OS Founder) blog [1] is a gold mine when it comes to hardware-software boundary security. Especially "State considered harmful" [2] and "x86 considered harmful" [3] papers are eye-openers.

[1] https://blog.invisiblethings.org/

[2] https://blog.invisiblethings.org/papers/2015/state_harmful.p...

[3] https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

replies(4): >>15735998 #>>15737955 #>>15738236 #>>15739388 #
jstewartmobile ◴[19 Nov 17 21:21 UTC] No.15735998[source]
That's why I don't get Qubes. She knows what a steaming pile PC hardware is, and decides to write a spinoff OS for it???

Seems like she'd have more effect designing hardware.

replies(3): >>15736035 #>>15736356 #>>15736980 #
rdiddly ◴[20 Nov 17 00:55 UTC] No.15736980[source]
Q: Would the steaming pile be stinkier with an easy way to deploy & use VMs to separate things, or without?

A: Stinkier without, therefore Qubes.

replies(1): >>15737199 #
jstewartmobile ◴[20 Nov 17 01:50 UTC] No.15737199[source]
That's assuming the virtualization extensions are doing their job, and the other parts of the processor aren't leaking anything, and that Xen doesn't have any problems, and that the Qubes additions are solid, and that various interactions between these layers won't present any other problems, and probably a few other things...

I'd consider betting on one of those things being solid on its own, but not all of them together.

replies(2): >>15737256 #>>15737852 #
rdiddly ◴[20 Nov 17 02:03 UTC] No.15737256[source]
Well it obviously doesn't compete with whatever you're currently doing that solves all the same problems perfectly.
replies(1): >>15737292 #
jstewartmobile ◴[20 Nov 17 02:11 UTC] No.15737292[source]
Why does it have to get personal rdiddly?

If you've spent any time with Intel's phone-book-sized opcode manual, or following the history of the PC, you get real skeptical when the words "secure" and "PC" are mentioned together.

replies(2): >>15737717 #>>15738348 #
1. jstanley ◴[20 Nov 17 04:08 UTC] No.15737717[source]
He's not getting personal. You're being a bit unreasonable.

Why are you pointing the finger at Qubes for not solving every problem there is? It's doing a much better job than ~every other Linux distro.