←back to thread

Qubes OS 4.0 has been released

(www.qubes-os.org)
143 points andrewdavidwong | 3 comments | 28 Mar 18 17:37 UTC | HN request time: 0.624s | source
1. stagbeetle ◴[28 Mar 18 23:20 UTC] No.16702996[source]
Hey, this is neat! Unfortunately, after skimming the changelog, it still seems they're trotting along with Xen, and any "intermediate IT" person would still be using a bespoke solution.
replies(1): >>16703102 #
2. jstanley ◴[28 Mar 18 23:34 UTC] No.16703102[source]
What do you mean by that? What is "intermediate IT"? And what benefits do you see of a bespoke compartmentalisation system over Qubes?
replies(1): >>16715206 #
3. stagbeetle ◴[30 Mar 18 11:16 UTC] No.16715206[source]
Hey, sorry for the late reply. I got flagged for "posting too often," and just gave up after not being able to post this for a few hours:

Qubes is marketed as a VM for the "intermediate IT professional," i.e one that can setup a server from scratch and mess with configuration settings, even compile everything he needs from scratch, but not be able to make the informed decisions needed to harden things by himself.

So, this IT professional could install his own VM, set it up to sandbox his connections and programs, after reading documents and how-tos.

The benefits for bespoke:

1). Known toolset

This is pretty common in the "real world," where most would take a tool they're familiar with, than one they're not. In this case it would be the Linux environment. Why? Because the IT professional is already aware of the possible holes that he may need to fill and how to do it "correctly." I'm sure we all have had the experience of trying a new technology, messing up our first attempts at something decent, but then being able to make something good after practice. This is the same here. If you already know Qubes, great. If you don't and you're thinking about using it for your next project, make sure that project isn't mission critical.

2). Better documentation

Qubes OS is laughably under-documented (to parrot someone else's wording). With this comes the inability to be as flexible with the massivley-documented *BSD/Linux environment, limiting your overall productivity, and likewise, security and privacy. This also means you won't know where possible holes could develop, stemming from how the sandboxing really works in RT. This is a mostly solved problem with Unixes. You can harden your setup easily and with confidence, knowing you'll only be hit by massive zero days, if it all. With Qubes, you just don't know. Segue:

3). Qubes isn't battle-tested

The Xen debacle showed this. While Linux is not secure in any sense, we know where those insecurities lie through decades of use and misuse. This isn't the case for Qubes, which has been around less than Android.

4). Xen

Qubes uses stock Xen, which is not terribly good for security (direct access to hardware? What are you doing!?). You could better security by compiling your own version of Xen and removing all of the "niceties" that make Qubes not horrible to use. Or better yet, get a better hypervisor that's made for security in mind.

5). "A reasonably secure operating system"

Need I say more?