zlacker

Qubes OS: A reasonably secure operating system

submitted by RafelM+(OP) on 2022-03-23 07:57:03 | 187 points 97 comments
[view article] [source] [go to bottom]

NOTE: showing posts with links only show all posts
1. xvilka+qg[view] [source] 2022-03-23 10:56:27
>>RafelM+(OP)
Some time ago I suggested to integrate [1][2] ReactOS with QubesOS to run Windows programs in secure domains - it's problematic to do properly with the real Windows.

[1] https://github.com/QubesOS/qubes-issues/issues/2809

[2] https://jira.reactos.org/browse/CORE-13358

◧◩
2. fsflov+fi[view] [source] [discussion] 2022-03-23 11:13:16
>>xvilka+qg
> [2] https://jira.reactos.org/browse/CORE-13358

> Status:Resolved / Resolution: Won't Fix

What?

> it's problematic to do properly with the real Windows.

Nevertheless you can run real Windows on Qubes: https://forum.qubes-os.org/t/wip-windows-qwt-user-reports/96....

3. yewenj+ck[view] [source] 2022-03-23 11:31:03
>>RafelM+(OP)
I am looking forward to Spectrum which tries to make secure computing usable - https://spectrum-os.org/ .
◧◩
4. fsflov+mk[view] [source] [discussion] 2022-03-23 11:33:06
>>yewenj+ck
Qubes is much more usable than people think. My daily driver for many years already.

See also discussion of Spectrum OS on Qubes forum: https://forum.qubes-os.org/t/spectrum-os-discussion/1531.

◧◩◪◨
8. fsflov+9m[view] [source] [discussion] 2022-03-23 11:48:39
>>rbanff+7l
If your work requires GPU acceleration, then you're out of luck [0]. Normal apps like a browser, LibreOffice work fine. Hardware virtualization is extremely secure [1] and also fast. Everything which works on Linux should work on Qubes, including drivers (which are usually isolated in their own VMs). You can also run several different Linux flavors simultaneously [2] and Windows [3], too. The downside is that you really need a lot of RAM for that (unless you try to minimize your VMs [4], which is an advanced feature). I have 32 GB, and I never run out of RAM.

I love that you can explicitly compartmentalize your digital live into independent VMs with a great unified interface. I have "work" VM which contains all work stuff and "personal" VM for personal things. More thoughts from me: https://forum.qubes-os.org/t/how-to-pitch-qubes-os/4499/15.

[0] https://www.qubes-os.org/faq/#can-i-run-applications-like-ga...

[1] https://www.qubes-os.org/security/xsa/

[2] https://www.qubes-os.org/doc/templates/#official

[3] https://www.qubes-os.org/doc/windows/

[4] https://www.qubes-os.org/doc/templates/minimal/

◧◩
11. fsflov+in[view] [source] [discussion] 2022-03-23 12:00:50
>>Nextgr+Gm
Indeed the battery life is shorter than with normal Linux, but it's fine with me. Concerning the hibernation, see this: https://github.com/QubesOS/qubes-issues/issues/2414.
◧◩
15. detaro+sq[view] [source] [discussion] 2022-03-23 12:27:54
>>pabs3+Pp
Estimation that it has the smaller attack surface (from https://www.qubes-os.org/faq/)
◧◩
16. jaas+tq[view] [source] [discussion] 2022-03-23 12:27:55
>>pabs3+Pp
From the FAQ:

In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). We discuss this in much greater depth in our Architecture Specification document:

https://www.qubes-os.org/attachment/doc/arch-spec-0.3.pdf

◧◩◪◨⬒⬓
18. fsflov+Ur[view] [source] [discussion] 2022-03-23 12:41:42
>>pabs3+2q
If you mean second GPU passthrough then yes:

https://forum.qubes-os.org/t/qubes-gpu-passthrough/661

https://forum.qubes-os.org/t/another-2-gpu-passthrough-post/...

See also: https://github.com/QubesOS/qubes-issues/issues/4321.

19. samuel+ns[view] [source] 2022-03-23 12:45:03
>>RafelM+(OP)
I tried using Qubes as a daily driver for a couple of weeks, and wrote up my experiences:

https://rillabs.org/posts/installing-qubes-os

Overall an impressive and surprisingly well functioning software, given what it does.

Unfortunately - which I didn't write in the post yet, should do - is that I felt I had to switch back to a normal distro again because of a combination of a couple of annoyances:

- The need to manually redirect the USB-keyboard to each qube

- The fact that I couldn't get Debian-based Qubes to respect the font size settings

- The overall relative slowness of the system, causing some already slow software to be even slower

- The last straw: Inability to run Virtualbox VMs in Qubes (which I use to create some course content etc).

◧◩
23. fsflov+Gt[view] [source] [discussion] 2022-03-23 12:54:48
>>samuel+ns
> - The fact that I couldn't get Debian-based Qubes to respect the font size settings

https://forum.qubes-os.org/t/fonts-are-too-small-by-default/...

> - The overall relative slowness of the system, causing some already slow software to be even slower

Often connected to the fact that hyperthreading is enabled in BIOS (and it shouldn't be).

In general, you should try to ask for help on the Qubes forums. Most problems get resolved quickly.

◧◩◪◨
32. Showal+OC[view] [source] [discussion] 2022-03-23 13:58:12
>>Reacti+Qu
this is what SysReq is for.

>The magic SysRq key is a key combination understood by the Linux kernel, which allows the user to perform various low-level commands regardless of the system's state. It is often used to recover from freezes, or to reboot a computer without corrupting the filesystem.[1] Its effect is similar to the computer's hardware reset button (or power switch) but with many more options and much more control.

https://wikipedia.org/wiki/Magic_SysRq_key?lang=en

◧◩◪
33. samuel+wE[view] [source] [discussion] 2022-03-23 14:09:42
>>fsflov+Gt
Yes, I asked in the forum and got quick help, but it didn't help unfortunately:

https://forum.qubes-os.org/t/dark-mode-in-debian-10-vm/3855/...

◧◩
35. fsflov+qF[view] [source] [discussion] 2022-03-23 14:15:37
>>pabs3+Pp
https://github.com/QubesOS/qubes-issues/issues/7051
◧◩
38. anthk+BK[view] [source] [discussion] 2022-03-23 14:47:39
>>kkfx+Nl
We had far more secure OSes even before Unix.

https://multicians.org/security.html

On X11 and Unix, XTerm's "secure keyboard" input makes X11 snooping impossible.

◧◩◪◨⬒⬓
43. fsflov+WM[view] [source] [discussion] 2022-03-23 14:59:28
>>orbliv+YF
It's still optional. You don't have to create a sys-usb VM. It's not even created by default if you have a USB keyboard: https://www.qubes-os.org/doc/usb-qubes/#how-to-create-a-usb-.... See also: https://www.qubes-os.org/doc/device-handling-security/#usb-s....
◧◩◪◨
46. isodud+uN[view] [source] [discussion] 2022-03-23 15:02:33
>>orbliv+zt
First off, the USB-thingy is indeed a configuration option. https://www.qubes-os.org/doc/usb-qubes/

Regarding the Dvorak: It's a PITA. I'm running Svorak A5 currently so the current procedure is:

* Make sure it's the default setting in each template

* Make sure it's the default in XFCE

* Run a cronjob in dom0, this make sure that newly connected USB keyboards are changed to the correct layout aswell.

  * * * * * DISPLAY=:0 ~/fix-scripts-xkb

  #!/bin/sh
  [ "$(setxkbmap -query | grep -oP '(?<=variant:    )[a-z]+')" == "svorak" ] || (   setxkbmap se svorak; echo fixed xkbmap  )
* XFCE login is STILL qwerty. This is a _long_ standing bug.
◧◩◪◨
47. ThePow+QN[view] [source] [discussion] 2022-03-23 15:04:18
>>orbliv+zt
Something is amiss; did you disable qubes-input-proxy?

If you follow this simple step, USB keyboard and mouse input should Just Work in all your Qubes: https://www.qubes-os.org/doc/usb-qubes/#how-to-create-a-usb-...

◧◩◪◨⬒
48. ThePow+ZN[view] [source] [discussion] 2022-03-23 15:04:52
>>samuel+RE
Something is amiss; did you disable qubes-input-proxy?

If you follow this simple step, USB keyboard and mouse input should Just Work in all your Qubes: https://www.qubes-os.org/doc/usb-qubes/#how-to-create-a-usb-...

◧◩◪◨
49. fsflov+fO[view] [source] [discussion] 2022-03-23 15:07:12
>>thinkm+7M
Yes, see the requirements: https://www.qubes-os.org/doc/system-requirements/.
◧◩◪
51. fsflov+GO[view] [source] [discussion] 2022-03-23 15:09:03
>>orbliv+Ou
> there are per-vm changes I want to make on top of them which adds a little more configuration work

You can use Salt to automate this work: https://www.qubes-os.org/doc/salt/.

◧◩◪◨⬒
56. fsflov+pQ[view] [source] [discussion] 2022-03-23 15:19:14
>>isodud+wP
You can drastically decrease the memory footprint if you use minimal templates: https://www.qubes-os.org/doc/templates/minimal. But even with normal templates, one can run several VMs, and it's much more secure (and even convenient) than an ordinary OS.
◧◩◪◨⬒
57. lapino+nR[view] [source] [discussion] 2022-03-23 15:23:28
>>isodud+wP
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.

edit: maybe i'm being a bit optimistic for sys-net, which is the vm hosting the driver for the network card: these drivers are included in the linux tree and would need to be extracted and packaged into an unikernel. But for every non-driver vm it "should be easy" to get an unikernel implementation (drivers for paravirtual devices are easy to write).

◧◩
62. beardo+9V[view] [source] [discussion] 2022-03-23 15:43:10
>>samuel+ns
As others said, you don't need to redirect the keyboard if you don't use a USB qube.

Points 2 and 3 you're right about.

You can convert virtualbox VMs to qubes hvms[1] although it requires a bit of CLI work.

[1]https://www.qubes-os.org/doc/standalones-and-hvms/#convertin...

◧◩
67. fsflov+G01[view] [source] [discussion] 2022-03-23 16:12:46
>>ffeiek+UZ
https://forum.qubes-os.org/t/is-it-a-good-idea-to-use-btrfs/...

https://forum.qubes-os.org/t/btrfs-and-qubes-os/6967

◧◩◪
68. fsflov+O21[view] [source] [discussion] 2022-03-23 16:22:50
>>isodud+ZS
Some solutions: https://forum.qubes-os.org/t/qubes-clipboard-is-painful/2830. But to me it's fine to use this combo, you get used to it quickly enough.
◧◩◪
79. kkfx+lu1[view] [source] [discussion] 2022-03-23 18:46:25
>>anthk+BK
Well, unix is another really bad OS compared to it's historical predecessors: at first they decide for a bad programming language to need less hw horsepower and separate that cheap language from the user language (C for the system, for "complex" things, shell scripts for the end user), for equal reasons they decide that's no need for GUIs, while far before unix we have had GUIs, touch monitor, even the world first video-conference with screen sharing in LAN (the so called Mother of all the Demos, in 1968 [1] then they realize that's was not that good and graphic systems start to appear on Unix, far limited, complex, that completely violate unix principles since for GUIs there were no IPCs, classic PostScript GUIs do support some user-programming but not really something like classic systems, CDE support a certain integration but again nothing like classic systems.

Since them all "modern" systems keep rediscovering in limited, limited and bug ridden ways what historical systems have done far better decades before...

I think many should just see classic advertisement like https://youtu.be/M0zgj2p7Ww4 than see it's date and where we are today...

It's not only security it's the overall design. In the past hw resources was limited an so hacks and slowness were common, hw itself being "in a pioneering phase" was full of hacks and ugliness but evolving those systems would have led us too the moon while we are still in the middle age...

[1] https://youtu.be/yJDv-zdhzMY

[go to top]