Forums » Off-Topic
Qubes OS
Interesting, but it doesn't support OpenGL and I'm not paranoid enough to go without.
Not entirely accurate. It's possible to do a gpu passthrough through a HVM with only a 2-3% performance degradation. Seeing how VO isn't very demanding, you wouldn't need to give up VO.
https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA
Cool, ain't it?
What really appeals to me is the modularity and seamlessness as opposed to running a normal xen setup.
https://groups.google.com/forum/#!topic/qubes-users/cmPRMOkxkdA
Cool, ain't it?
What really appeals to me is the modularity and seamlessness as opposed to running a normal xen setup.
I think I'm curious enough to give it a shot.
You have any handy links on getting started, or is the documentation good enough on its own?
You have any handy links on getting started, or is the documentation good enough on its own?
Yes, the documentation is plenty enough to get you started up. For a number of reasons I'm not ready to install qubes on my main SSD drive but I've been running it on a 64GB usb drive to give it a whirl. Installation was as straightforward and easy as Ubuntu's process.
It's shit. I could set up a way better hypervisor without any (many?) of the pitfalls these guys are trying so hard to avoid. Sorry, just no. If I was that paranoid I would think that the NSA are out to get just me (they are btw).
[edit]
Looking at the way these guys work, it would be so easy to inject code into one VM then shed it to the user when he "tried" to fix his VM. A lot of stupid users does not = secure.
[edit]
Looking at the way these guys work, it would be so easy to inject code into one VM then shed it to the user when he "tried" to fix his VM. A lot of stupid users does not = secure.
How would it be possible for a remote attacker to "easily" inject code? The only thing writable in the AppVMs is the home directory and it's completely isolated. Even if there's a 0day exploit in firefox or pdf viewer or whatever, maintaining persistence of a rootkit is very difficult once the appvm is shut down.
Granted, I'm sure if you know your stuff, you can set up a hypervisor system better suited to your needs and just as secure as qubes. Qubes is for people who want a little more security without wasting too much time on tinkering with things. Some of us no longer live in our mom's basement and actually have a life, you know.
Granted, I'm sure if you know your stuff, you can set up a hypervisor system better suited to your needs and just as secure as qubes. Qubes is for people who want a little more security without wasting too much time on tinkering with things. Some of us no longer live in our mom's basement and actually have a life, you know.
Well besides the fact that mom died over 20 years ago I'll let that one slide. The fact remains though, it's not as secure as you might think.
Can you elaborate a bit more about what you mean? What are the possible attack vectors?