QubesOS – A reasonably secure operating system

(www.qubes-os.org)

176 points TheFreim | 1 comments | 11 Jul 23 18:11 UTC | HN request time: 0s | source

Show context

weinzierl ◴[11 Jul 23 18:54 UTC] No.36685626[source]▶

I used it when I worked as a hiring manager. For this task it is ideal. All the behavioral security measures, like only to open attachments from people you trust, break down when your job description is basically to figure out who you can trust.

Qubes comes with a "Convert to trusted PDF" out of the box. Joanna Rutkowska explained how it works under the hood pretty nicely[1]. The tldr is that it is very thorough. With Qubes it is convenient too.

I used Qubes to open the application mails and their attachments and converted the interesting ones to trusted PDFs which I then forwarded to the relevant people. All further communication was only with the trusted versions.

[1] https://blog.invisiblethings.org/2013/02/21/converting-untru...

replies(1): >>36685941 #

neodypsis ◴[11 Jul 23 19:17 UTC] No.36685941[source]▶

>>36685626 #

You can use something similar on macOS, Windows or Linux, based on Docker containers, see Dangerzone: https://github.com/freedomofpress/dangerzone

replies(4): >>36686179 #>>36686191 #>>36688631 #>>36691492 #

1. weinzierl ◴[11 Jul 23 19:34 UTC] No.36686179[source]▶

>>36685941 #

I didn't know about that but that looks really nice. From a quick glance I understand that they can even utilize OCR to make the trusted PDF into more than an image container. Back in the day when I used Qubes it could not do that. (I haven't used it for a while so I don't know if it can now)

I still think security-wise Qubes is a bit better because it relies on VMs instead of containers.

↑