441 points ploggingdev | 2 comments
magnat No.15735557
Joanna's (Qubes OS Founder) blog [1] is a gold mine when it comes to hardware-software boundary security. Especially the "State considered harmful" [2] and "x86 considered harmful" [3] papers are eye-openers.

[1] https://blog.invisiblethings.org/

[2] https://blog.invisiblethings.org/papers/2015/state_harmful.p...

[3] https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

jstewartmobile No.15735998
That's why I don't get Qubes. She knows what a steaming pile PC hardware is, and decides to write a spinoff OS for it???

Seems like she'd have more effect designing hardware.

rdiddly No.15736980
Q: Would the steaming pile be stinkier with an easy way to deploy & use VMs to separate things, or without?

A: Stinkier without, therefore Qubes.

jstewartmobile No.15737199
That's assuming the virtualization extensions are doing their job, and the other parts of the processor aren't leaking anything, and that Xen doesn't have any problems, and that the Qubes additions are solid, and that various interactions between these layers won't present any other problems, and probably a few other things...

I'd consider betting on one of those things being solid on its own, but not all of them together.

1. panarky No.15737852
Old Thing has issues with X, Y and Z.

New Thing solves X and Y but not Z.

Therefore, criticize New Thing for not solving Z.

2. jstewartmobile No.15740123
No. I'm mostly just chafed when anything for something as overcomplicated as a PC gets marketed as "secure" or "reasonably secure". Sure, most of the HN crowd knows the ins and outs, but a lot of end users don't.

I run into so many people at local interest groups who do less than advisable things on the computer, yet don't even give a second thought to it because "I'm using Tails!" Or "I'm using Qubes!"

At the same time, I have friends who do security for the military who show and tell so many different (and simple) ways to exfiltrate data that bypass most of the hypervisor/OS/software stack.

This is a better condom. That is an accomplishment, and I tip my hat to them. At the same time, if you really don't want the diseases, it's safest to just stay off tindr.