zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. magnat+pi[view] [source] 2017-11-19 19:48:43
>>ploggi+(OP)
Joanna's (Qubes OS Founder) blog [1] is a gold mine when it comes to hardware-software boundary security. Especially "State considered harmful" [2] and "x86 considered harmful" [3] papers are eye-openers.

[1] https://blog.invisiblethings.org/

[2] https://blog.invisiblethings.org/papers/2015/state_harmful.p...

[3] https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

◧◩
2. jstewa+wp[view] [source] 2017-11-19 21:21:38
>>magnat+pi
That's why I don't get Qubes. She knows what a steaming pile PC hardware is, and decides to write a spinoff OS for it???

Seems like she'd have more effect designing hardware.

◧◩◪
3. dillon+7q[view] [source] 2017-11-19 21:29:04
>>jstewa+wp
I believe I remember reading she aims at solving the issue of hardware and software vulnerabilities. I can't find the source, but she mentions that there's too much code out there that it would be impossible to secure everything.

Qubes' design means hardware and software are all separated so a vulnerability in one doesn't mean exposing another.

I like that in their docs they mention an approach they take and when it isn't secure[0]

That being said the main point of security contention is the admin (dom0).

[0]: https://www.qubes-os.org/doc/copy-paste/

◧◩◪◨
4. jstewa+ot[view] [source] 2017-11-19 22:13:08
>>dillon+7q
But those two things are not independent. If your hardware is fundamentally broken, hypervisors can only paper over so much.

Between the twilight of Moore's law, and the success of open-source software, I just don't see that much long-term value left in x86+PC.

[go to top]