/tech/ - Technology

large attack surface.

>>550573

Its pointless trying to sandbox software when the hardware itself is botnet.

May as well use your computer to its full potential rather than running everything in a hypervisor, because either way you're a target and using Qubes is like putting a bandaid on a gunshot wound.

>>550573

There's a point where an amount of autism stops and requires more than autism to evolve into advanced autism.

>>550573

>Why aren't all of you using it?

My CPU does not support virtualization.

That is all.

Because it makes no effort to prevent getting pwned in the first place.

>LOL ur gonna get pwned anyway! why even try?? here! use these shitty VMs

Don't get me wrong though, I think it's a nice concept.

>>550573

My desktop hardware is not well supported by it. I need my full CPU and GPU for encoding, vidya and other tasks.

It is a good choice for laptops though.

>>550586

The state of x86 hardware security is pretty depressing. But if we take up that defeatist attitude then we've already lost. Projects like Qubes and CoreBoot/LibreBoot are good first steps. The guys making the Librem laptops are petitioning Intel and others to improve the situation. I am looking forward to what they may accomplish in the future.

Here is a talk from the developer about how bad x86 hardware currently is if you haven't seen it:

https://media.ccc.de/v/32c3-7352-towards_reasonably_trustworthy_x86_laptops

>>550586

>the hardware itself is botnet

I see people say this all over /tech/ but I never see any proof.

I mean I avoid any new/recent tech, and there are now things like Intel's vPro spyware, but I'm talking about things that are supposedly unavoidable, as everyone says.

It looks and sounds like pubes.

Just keep your software up to date and keep flash and java plugins uninstalled. 99% of attacks will be thwarted.

If super hackers are targeting you, virtual machines won't save you.

>>550643

What about moving towards other architectures? like ARM were any vendor can get a license and thus you can make sure the chip has no backdoors baked-in? or RISC-V to be extra sure of no foul play?

>>550677

But Qubes isn't just about reducing damage from exploits.

>>550573

Because I'm too lazy for all that shit. Ubuntu does the job for me just fine.

>>550680

ARM seems to be the way of the future anyway with everything short of enthusiast or professional workstations moving to tablets like the Surface (yes, I know it's x86) or iPad pro types. Hell, I don't even have a real laptop anymore, just an Android tablet with a keyboard on it.

>>550680

The license costs a bucketload of money I thought, but RISC-V is going to be opensource....

Software isolation is stupid.

If you want to isolate stuff, put it on separate hardware.

t. Theo the Rat

But in all serious, what reason besides cost or convenience would there be to choose software isolatin over hardware isolation? With software isolation you've got to worry about vulnerabilities in the software.

>>551213

Large server running Xen, or hypervisor of choice.

>>551213

I'm going to want to put things on the internet accessible device. Things that I don't want compromised (passwords). I'm also going to want to put things that are less sensitive on the internet, but strictly in my own terms (for example, don't want anyone making excessive demands for my catalogue of data).

Furthermore I cannot claim to be a libertarian while I refuse to share the means to liberty (banned books and so on). An element of risk is therefore self mandated.

Lastly, and "in all seriousness", just because something is airgapped does not mean it's invulnerable. Your computer takes in and throws out noise that's visible, audible, and electro-magnetic. The only solution to that is a noise cancelling faraday room.

It's good practice to lock down the software, just as it's good practice to lock down the hardware.

SystemD

Other than that though, I do like the idea.

>>551213

It's not that software isolation is stupid, it has many administrative advantages, which is why OpenBSD is making a VM hypervisor now that they have the funding.

It's just that VMs for security reasons is a false prophet.

t. Theo

I still think containers are the best idea. If Ilumnos can have KVM then we should get Zones.

>>551301

>containers

But don't virtual machines provide better isolation by isolating the kernel as well as the userspace?

The way I see it:

Linux container + kernel exploit = pwned

Virtual machine + kernel exploit = still isolated

Doesn't mean VMs are perfect, but it would seem like they're better than containers.

>>551271

>I'm going to want to put things on the internet...

Didn't get the point of that whole paragraph. Yes, I know that the point of VMs/containers/etc is to protect information. But that doesn't change the fact that, as far as I can tell, hardware isolation is better than software isolation.

>just because something is airgapped does not mean it's invulnerable.

Duh. But just because something is potentially vulnerable does not mean that it is not less vulnerable than something else.

For example, you don't use Windows instead of Linux because Linux "is potentially vulnerable" to exploits, and is therefore (by your logic) no better than Windows. Just like you wouldn't use VMs over hardware isolation just because hardware isolation is also potentially vulnerable to some exploits.

The fact, as I see it, is that hardware isolation is vulnerable to less exploits than software isolation. Its attack surface is smaller. Software isolation is just as vulnerable to the compromising emanations you mentioned as is hardware isolation. But with software isolation you throw in the added attack surface of the hypervisor and all its emulated devices.

>>550653

https://libreboot.org/faq/#intel

I've tried to use it. My desktop hardware isn't supported. It runs on my laptop, but I can't use wifi because there's no available driver for my hardware wifi switch (Perma hardblocked) and with only 2gb RAM it's pretty much unusable. Once I get enough money for a new laptop I'll install it.

The Issues with Qubes OS Right Now

WRITTEN BY SOMEONE THAT IS USING IT WITH WHONIX AFTER CAREFUL RESEARCH AND FIRST HAND EXPERIENCE

First problem: Xen.

It is is DESIGNED (though not originally), RAN and DEVELOPED by a community with a deep interest for cloud computering and server-based activities. It, itself, was never meant to be used as a security tool (dom0 degregation is rare as .FCK). The direction Xen is going with its lead, community and support might crash with Qubes OS devs in the future.

Second problem would be dom0's root file system limitation sandbox; very annoying to set self-destruct parameter and cleaning forensics on it - also have issues with software bugs, drivers, updates, USB/external and DE collusion amongst VMs right now. No deniable plausibility either. It is actually really crap.

Third problem = MISS JOANNA RUTKOWSA!

She's a cutie and her team members are also top chums with great talents but if she wants people to care about security, WHY WOULD she make an OS based on Fedora Xen (already easy to do by /tech/ standards), call it Qubes, when really, it is just Fedora with Xen; why can't she just get people to learn to use Xen/Linux? Why does she need to be the middleman? Also note Qubes' hardware requirement is higher than vanilla Fedora Xen.

IMPORTANT IMPORTANT IMPORTANT

Finishing from the above point, she also wants to turn Jewtel Aviv's chips firmwares into a security bonus: instead of removing them completely like other GNU communities; what I mean is that she actually believe it is possible changing ME, TXT and &et cetera. into a security enhancement. Honestly... what the fuck? I know she's a SJW but does she secretly work for the Chosen people? Or does she actually have a good heart and believe it is possible? The augment against this point that "because there are no hardware available right now" isn't good enough, by resigning to just modifying more future and current Intel chips they will get lazy and give up in the end since they never can solve the issue with such thought application. The hardware compatibility partnering with Purism shows that they are already taking compromises.

Quaternis Consultationis: I don't trust anything ever. You shouldn't either. Use it and distrust it, and probe it and hate it until you find something better.

PRO: It is very very easy and user-friendly, and the hardware req. isn't too high or expensive. I like it personally... BUT... BUT. BUT!

I am an autist but suck my dick you antis

Fuck I accidentally a word!!!!!!!

>>551810

I was talking about Qubes with a bro on /b/ some time ago. He told me that he was just using a stripped down, non-persistent Debian live image with virtualization software (You could obviously use any distro you wanted). He had his Whonix VMs on another USB drive. The idea being that you never use the Debian host system for anything other than running the VMs, and you'd therefor almost certainly never catch any malware. You'd only use Whonix. Basically, like TAILS but with virtualization.

I've tried this out myself and I really like it. Plausible deniability encryption on the Whonix USB, and build a new live image whenever important security updates arrive. It generally just seems smart to never mix your daily work/whatever with activities you want to keep private. Keep an entirely separate system for your private shit, and, when using it, only access the internet through the torified VM.

I guess you could also do this Qubes, but I've never tried running it as a live USB - I imagine it would wreck the shit out of your system unless you have a massive pile of RAM.

>>552432

not really bro... if your computer/os/VM/hypervisor need more than 8GB it is probably compromised, bloated or it is simply shit

i run qubes fucking fine with 8gb

Why a whole new fucking OS though?

>>551810

decent synopsis, you know you can replace fedora with whatever distro you want right? if you're willing to put the effort into it, anyway.

they have builds for debian here:

https://www.qubes-os.org/doc/templates/debian/

but yeah it's the least evil i've encountered, hypervisors are cool. also very simple to use. good to know someone's trying.

i like qubes.

>>554002

because it's built off a hypervisor, not what's regularly known as an OS.

completely different architecture. basically qubes sandboxes everything. you can run windows and linux OS' side by side, natively.

>>554021

I thought it was just yet another Linux distro with preconfigured Xen

>>554024

no, it's a Xen distro, not a linux distro. Xen runs on the hardware, and virtualizes linux. and windows, and whatever else you'd want to configure it for.

Joanna basically just made an end-user product of Xen, and preconfigured it with fedora. Which is pretty cool. I use qubes for all my daily shit, intel can still remote into my PC but at least i can run flash in one VM and do my personal shit in another, easily.

>>551359

Sure but I was never talking about it from a security standpoint, containers in practice can do much of what people use VMs for just in a much MUCH more scalable way.

You should check out some talks Joyent does on their debugging zones practices, shit is nutter butters.

its a shitty MemeOS like TempleOS or KolibriOS

>>554028

>>554019

Nigga please you have no idea what you're saying

>>554634

enlighten me then

> implying I'm not using it

The security properties are great, but the other advantages of VMs are amazing as well. I love being able to pause and save state for any program I'm running.

>>550581

the whole thing is designed to reduce attack surface and mitigate the problem if any individual component was compromised

>>550586

>how do i threatmodel?

>>550640

except you still have all the regular security of linux

>>550676

best argument itt

>>550677

and don't open pdfs

>>551213

xen bugs are rare and would destroy most cloud provider's security at the same time. i don't think anyone's burning one on you

>>551246

qubes is just xen with some management shit on top to make it play nice. copying between vms and shit

>>551810

good post

state of antiforensics on the machine is shit atm but that's not the problem she's trying to fix

qubes > (fedora+xen) because of all the desktop integration shit (i never tried f+x on their own so can't say how much better). the gui colors and cross vm file transfer stuff is cool. you don't even have to trust the filesystem to store your vms.

if you don't trust x86 at all though, not sure there's much an os can do for you

>>554979

>xen bugs are rare and would destroy most cloud provider's security at the same time. i don't think anyone's burning one on you

>implying I'm not a right-wing death squad member and the NSA doesn't consider me as much a threat as Osama bin Laden 2.0

What is there for a poor marginalized natsoc member to do against such advanced threats?

>>555039

https://stallman.org/stallman-computing.html

>I usually fetch web pages from other sites by sending mail to a program (see git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).

sorry bud. this is your new life from now on

>>550573

There's a Xen logo in your image. It has to be shit.

>>555111

>>555039

>implying the NSA won't use their super-secret vulnerability your email client to gain access to your encrypted maymays

Sorry guys, it looks like you're hosed.

>>555150

*in your email client

I no English good today.

>>553965

>I run qubes fucking fine with 8gb

That's a lot to me... My most powerful machine has 6gb of RAM, and its hardware is incompatible with qubes. The only machine I own that can run qubes has 2gb of RAM which renders the OS unusable.

>>553965

>I run qubes fucking fine with 8gb

That's a lot to me... My most powerful machine has 6gb of RAM, and its hardware is incompatible with qubes. The only machine I own that can run qubes has 2gb of RAM which renders the OS unusable.

Is it possible install qubes tech (lightVM and patched wm and whatelse) separately from Qubes OS?

>>550653

hdd's

>>555249

i run qubes on an i5 w/ 6gb ram, no problems. you do need at least 4gb ram though.

>>555334

and run them on what, arch? good luck, i doubt it. just use vm's on whatever you want to run.

VMing everything requires too much power and resources for my weak machine.

>>550573

VMs are heavily exploitable

>>555536

Xen seems pretty secure man, it's a straightforward concept and this OS does it well.

bumping because this deserves more attention.

>>555536

orly? can you show us how?

>>555491

I have an i7 (~5yrs old) and 6gb of ram and an R9 290. It installs fine, but is utterly unusable; lag, extreme screen tearing, cursor hangs for several seconds at a time, etcetc...

>>550573

>What's wrong with Qubes?

It's bloated and requires better hardware than I have to run acceptably. It also, AFAIK (though feel free to correct me), runs only on x86. It's a problematic architecture from a security perspective.

I understand the user-friendliness argument in order to try to build a userbase, but I don't think KDE is an appropriate standard DE for a supposedly secure OS.

>Why aren't all of you using it?

See above.

>Why don't you use it?

See above.

>Why isn't it talked about here?

There's a Qubes thread at least once a week. That's not counting all of the mentions in other threads.

>Why shouldn't I set to work tomorrow morning on installing it to everything that I possibly can?

Nobody cares what you do or don't do.

>>556387

>AFAIK (though feel free to correct me), runs only on x86.

ludicrous, of course it runs on amd64

>I understand the user-friendliness argument in order to try to build a userbase, but I don't think KDE is an appropriate standard DE for a supposedly secure OS.

You don't have to use KDE, you can use XFCE. If you don't like either you can log into dom0 root yourself and change it manually

yall are just lazy

I wonder if it would be possible to create something similar to Qubes OS, using KVM and OSv instances for programs.

Is it possible for KVM guests to rely on the host's drivers, so that they drivers are just making requests essentially?

>>556457

I've never heard of OSv.

>>556370

Huh yeah I dunno. I'm on a t410, i have had 0 problems with qubes thus far (beyond obvious stuff like setting up printers etc)

here are the system reqs, see if you're missing anything https://www.qubes-os.org/doc/system-requirements/

I'm currently running hardened Gentoo.

Is Qubes OS more secure than this?

I've heard security through VM isolation is a flawed concept (see Theo).

Are there any rigorous analyses comparing these two approaches to security?

I don't want to be a rube, getting cucked by black hats or governments.

>>556370

Sounds like a driver problem tbh.

>>557099

>I don't want to be a rube, getting cucked by black hats or governments.

first i gotta say, as far as staying anonymous on the net goes, abandon all hope, because there is no getting around the gov't when you go online regularly. As long as computer parts are manufactured by a gov't regulated industry there are going to be so many proprietary blobs on your hardware that it's impossible to know what is and isn't on your computer, regardless what OS you run. Read more here: https://libreboot.org/faq/#intelme

tl;dr post 2006 intel has the ability to remote into most computers using their processors. I can't imagine it's difficult at all for the NSA or whoever to get access to that.

As for security, I personally don't know the process behind a hardened kernel/distro, but my gut feeling says that security-by-isolation is better if not worse. Say you run firefox, sure firefox might not have any r/w privileges to any sensitive directories, but it's still one of the most insecure browsers out there (mostly due to its popularity), think about what you're risking when you run FF on your machine. However, with qubes or any virtualization software, I know that even if my FF install is compromised, so long as I wasn't using it for my online bank or cryptocurrency or whatever I don't really have to care, because i know the chances of it breaking through the virtualized simulation and rooting my computer itself are slim to none.

The main philosophy behind security-by-isolation is that you keep your slutty browsing containerized in one vm, and do your important, work-related browsing in another with software you trust. Torrent on one, bank on the other, like that. Rather than mixing all your shit in one OS which is exponentially more likely to be compromised over time.

so yeah that being said, i'm really impressed with qubes, they did a really good job with it and continue to do so. it's pretty much just one huge VM manager using fedora for the OS/DE/user interface. try it out.

>>550573

Fuck dom0's sandboxing honestly

taking a screenshot with Ksnap and moving it is so annoying

security vs convenience. copypasting is annoying af too but there's not much can be done

>>557955

screenshots are annoying yeah, seems to be restricted to each VM window. makes sense why it wouldn't work.

>>557431

So is Fedora dom0? Because if so, then I don't see how this OS can be considered very secure.

If it had a kernel with PAX patches in dom0, then it would be more convincing.

>>557439

So it uses KDE?

>>558462

dom0 doesn't touch the network at all. you only use it to run kde and launch the other vms. that's what makes screenshotting such a pita. the other vms let you share stuff between them pretty easily but not dom0 because nothing's supposed to run in there. the whole system is built to be safe even if a single vm got popped but if dom0 was owned that would be game over

>>558505

can make it work with xfce but yeah kde is default. it uses a custom kde theme that changes window colours depending on security context

Not that guy but can you elaborate on the reasons you feel KDE is shite? On a powerful rig I've only had good experiences with KDE.

>>558977

I thought dom0 controlled access to hardware, so how does it not touch the network at all?

Doesn't it have to provide access to the network controller to all the other VMs?

>>550573

Doesn't support my hardware.

>>558977

Will this sort of thing be compatible with Wayland, where the client program draws itself rather than a server drawing all clients like with X11?

>>559238

at the moment each vm has its' own isolated x-server so i don't think wayland would make a difference

[would you like to know more?]

https://www.qubes-os.org/doc/gui/

>>559018

during installation it gives you the choice of KDE or XFCE

i'm on XFCE, no real complaints.

Hey I made the long post earlier in this thread...

All I want to say is that Qubes OS and many systemd variant are compromised (including Debian's Whonix/Tails sadly)

Do not trust it

Whonix might switch to Devuan later on... but I think Tails is finished...

Jacob Applebaum works/for with Purism (which is a secret NSA/distraction project that seek to fragment our movement) and heads the Tor project or at least as its main PR...

We're fucking smoked honestly

All in all, Qubes OS = Fedora = systemd = RHEL = NSA, which supports Purism = NSA; anyone that supports systemd or Purism are quarks

>>560560

>>560560

also this guy is the head board for Red Hat/Fedora

https://en.wikipedia.org/wiki/Hugh_Shelton

lmao boizz

>>560560

>>560560

Can I just say Applebaum is also Jewish

https://en.wikipedia.org/wiki/Jacob_Applebaum#Personal_life

>>560560

Can you give something to back your claims up? It would be helpful.

>>560582

>>560582

Coreboot/Thinkpenguin on Purism

https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/

https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/

https://trisquel.info/en/forum/librem13-fully-free-time#comment-74207

https://twitter.com/ioerror/status/612214488163590144

https://www.qubes-os.org/news/2015/12/09/purism-partnership/

You need to know about init/systemd/Ian Murdock to understand how RedHat is actually ""backdooring"" Linux, but I am assuming you to be the an OS based on Xen guy, so you probably lack the technical knowledge... Xen is an added mircokernel to a Linux/*nix Dom0... there is no such thing as a """Xen OS""" and systemd itself is basically a monstrosity like GNOME 3

Research that on your own and come to your own conclusion, Whonix creator Patrick already voiced concerned about Tor/systemd on various mailing lists.

Redhat is long associated with the US gov./NSA: they have multiple government contacts and renewal each year...

Look at SElinux, and MAC which is basically governmental backdoor that Linux personally coded in wayback in the late 1990s (when the Linux Kernel became non-free with blobs) yes the Linux kernel is non-free, now you know

>>560592

What does Ian Murdock have to do with systemd? Didn't he leave Debian long before systemd was even a thing?

How does Librem not being completely free make it as bad as you claim? I'm not a fan of the whole thing, because I do think it misrepresents what it is. Whenever it gets brought up in a positive context I explain what's bad about it.

But Purism laptops are still better than your average laptop that comes with Windows. If they optionally come with QubesOS that doesn't make QubesOS bad.

It sounds like you're implying that SElinux has something to do with blobs in the Linux kernel. It doesn't. They're separate issues.

>>560592

>Xen is an added mircokernel to a Linux/*nix Dom0

Is it not possible to replace the default dom0 template (Fedora) with something else? I'm not sure how libre Arch is, but there is a volunteer-made template of it available for Qubes.

And yeah, we are fucking smoked...

>>560592

>Look at SElinux, and MAC which is basically governmental backdoor

look at what specifically? how is it a backdoor? you're vaguely implying it's insecure while also avoiding actually saying anything.

>Purism is a secret NSA/distraction project

>You need to know about init/systemd/Ian Murdock

let me guess, you're implying they're all jewish?

>You need to know about x understand y, but I am assuming you lack the technical knowledge

give us technical information or fuck off back to >>>/pol/

from the linked article

>I first heard about Purism Librem sometime last October [2014]

>The first red flag was that we, the coreboot hackers, were never contacted by Purism

here's a guy from Purism contacting the coreboot mailing list in august 2014 so that's bullshit for one thing

https://www.mail-archive.com/coreboot@coreboot.org/msg43618.html

>>560564

oh shit he's also a director at Anheuser Busch

Budweiser confirmed NSA distraction project

>>560944

>Budweiser confirmed NSA distraction project

great taste jet fuel can't melt less filling beams

>>560595

>How does DeadIan have to do with anything?

"""He""" ""committed"" ""suicide"" shortly after he was found out to be helping, or expressed a desire to help with the Devuan project :)

lets be fucking honest here, they fucking killed him

>>560944

>>561120

lol you kids are so fucking stupid, you think Snowden ever STOPPED working for the NSA? Of course not, he's a marionette

>>560905

Yeah Todd was just snooping there, did he, himself or as a CEO of Purism ever made actual, legal, business contact or in-depth inquiry? Of course not, the Librem's """"Coreboot freeing"""" was done by a Google software developer.

https://libreboot.org/faq/#librem

>The librem does have coreboot support, but it's pretty meaningless (it's shimboot, which means that coreboot is just incorporating blobs. It's not real coreboot support, but rather, what is shamelessly passed off as coreboot support these days, where binary blobs for the entire hardware initialization is considered acceptable in the coreboot project). It should be noted, that the coreboot port for librem was done by a lone Google software developer (Duncan Laurie), not Purism, working independently. Purism had nothing to do with the port.

>>560595

Nigga, SeLinux/MAC ARE the blobs in the kernel, or rather two of MANY

>>561315

>"""He""" ""committed"" ""suicide"" shortly after he was found out to be helping, or expressed a desire to help with the Devuan project :)

>Hey boss.

>Hey John. You have anything new to tell me?

>Yes. I investigated Ian Murdock as you asked me.

>Continue.

>Things are much worse than they seem. We already suspected something since we weren't able to access his systemd NSA RAdmin backdoor...

>... that's why I asked you to investigate in the first place.

>W-well, yeah, but...

>But?

>Murdock said he wanted to work in a extremely niche distro called Devuan.

>...

>It hasn't yet gotten out of beta.

>...

>Said distro comes without systemd.

>...

>...

>Grab the van, John. We are going to pay a visit to Mrs. Rapist. I know he will kill himself in the name of Black Lives Matter after that ugly cunt touches his dick for three hours.

>Ay b0ss, allow me to compliment you. You sure are a sick person.

>Thanks, John.

>>561319

>SELinux

>blob

I bet you think MAC stands for Macintosh.

>>561315

>he was found out to be helping, or expressed a desire to help with the Devuan project

Do you happen to have a source for that? I can't find anything that was written before his death. All I can find was Devuan people considering him the spiritual father of Devuan because Devuan is the "real" continuation of Debian, and even that was written after his death.

>>561319

You don't know what a blob is.

A blob is a piece of the kernel that is not free software. Usually, the source code is not available. Blobs are firmware or drivers that the manufacturer doesn't feel comfortable releasing.

>>561356

your technical knowledge is wanting

a blob can be a low level code existing within any kernel or program which is complied or have its majority of lines written by a higher level language/code or binary as well (which is almost impossible to read/reverse engineer if it was written in an obfuscated way, eg: C/assembly can hide within another part of a larger program written with php), firmware blobs/software blob are just the easy name for plebs like you to understand what's what

>inb4 you don't even know what a low level code is

and no low level code doesn't always mean assembly """languages""""

>>561339

Haha, are you seriously doubting an organization that can break international jurisdictions in pursuit of their own goals can't kill someone and make a mockery of his death easily? NSA have the resource that enable them to tap and redirect underground-sea cables directly into their domain (for a number of years), you think they can't fuck Ian up if their boss allow them to do it? They'll do it gladly, all servers using GNU/Linux are a net-lost for the techno-military complex since they don't go to a puppet corporation for support and have the ability to fix problems it themselves.

If they can cut into fiber optics, they can probably fuck with satellites as well.

Honestly we're all fucked, nano-tech is coming, VR is coming, Ultra-GSM ray are coming not sure what can be done at this stage

Move carefully and distrust everything

>>561379

It sounds like you don't know what free software is.

For something to be free software, you need to have access to the preferred form for modification. What you're talking about is not the preferred form for modification, so it's a blob according to my definition.

Is SELinux an example of that?

>>561391

The Linux Kernel is not completely free

do u git it now?

u can google linux libre ok

>how fucking retarded can you be

"Don't trust this security faker, and don't trust the next one."

>>561397

I know that. I never claimed it was completely free. All I claimed was that SELinux and blobs in the Linux kernel are separate issues.

>>561381

If you can't see the point of the post was how stupid it sounds to kill someone in a contrived way because of something irrelevant, there is no hope for you.

>>561391

Last I checked, SELinux was non-obfuscated C.

>>561315

>>561318

>>561319

Oh you're so full of shit.

Even if purism is a kickstarter scam like anonabox, what does that prove? Some guy is out to make a buck. Qubes involvement is to let them sell hardware with a 'Qubes compatible' sticker on it.

This thread makes it sound like Joanna and Terry go to illuminati meetings together.

>561381

>you think they can't fuck Ian up if their boss allow them to do it?

Yeah, great. We know spies kill people. That's not the crazy part. What's crazy is a mentally ill guy who killed himself being a target of the NSA because he worked on some random OS project. If you believe their murder threshold is so low there should be a lot more dead devs in the world.

>>561616

>>561613

He was not mentally ill my friends, that is the scary part, I know none of you can stomach this... but. you have to in the end

they have us by the balls and our children's too

>>561443

For SeLinux to be compatible on almost every major distros and so easily implemented by even the most dumb-brick user means that the kernel itself already have codes that aids in the acceptance of it being blobbed

>selinux/mac/grsecurity secure

>ever

my friends please... you're making me want to go use overchan.2

blya

>>562179

>He was not mentally ill

and what are you basing that on?

he had what looked like a psychotic episode and you're trying to say that government conspiracy is much more likely than it being a genuine psychotic episode? get to fuck

>>562179

>>562179

>selinux/mac/grsecurity aren't secure

gonna need a source for that statement, hoss

>>562910

>>562606

fucking derailment, can we get back on topic?

bumping because i want to hear more opinions on this OS. running it currently and am very pleased, although I lack the skills to audit it.

frankly given the situation outlined by >>560592, it is to be acknowledged there is no way to completely outmaneuver the NSA (other than never going online), all I'm curious about is how effective compartmentalization of processes is at running a secure environment.

Mainly I'm interested in an OS I can run cryptocurrency wallets on. I doubt the NSA is going to steal my bitcoins, but other people are. Having a secure VM one the same machine I browse 8ch with is handy.

Its also nice being able to run different OS' natively.

The no Anti-forensic problem is huge actually

because in a situation where you easily break into a system - but it has no trace, that is somewhat fine, they can delete everything, keylog etc, but you can set up a parameter that detects that your system it has been tempered with, so you simply physically destroy it and get a new 50$ thinkpad

but in a situation where after a massive struggle you, as the hacker, break into a system, and it has a dom0 with all that shit in it, you've basically fucking won - since Qubes doesn't allow you to set up Anti-forensic in it or even a security system to detect intrusion

it simply tells you: 'hey! you got anti-evil-maid, you got net isolation, you got compartmentalization, this is the only way, since anti-forsenic cannot be trusted at all, you shouldn't use it and we'll disable it.'

also note dom0 doesn't allow you to wipe ram as well, if the cops come in, hibernate it and reboot it at the lab they can basically reproduce everything you done in that particular session

holy fuck man i just want to be a good goy citizen tbh fam..................... why i can't enjoy my nikka and lera at ease FUCK

also note that though the FBI hunts pedos worldwide, they protect Dick Cheney and his pals everywhere especially in Thailand and Bali

also note that encryption key standards are chosen by the NSA, and the random key generator in all encryption software actually use pseudo-random-generator

also note that Hillary Clinton does not use Encryption, her emails can leak, her whole server can be broken into, but she can do anything, and she's still running the white house with her pals

==she'll always be free because haha f u c k a y o u c kay u r j u s t a f u c k i n g s l a v e p l e b==

dubs pls

>>565509

your post is confusing me because you use the first person pronoun "you" to refer to the attacker and the defender in the same sentence

you seem to be talking about intrusion detection features for catching remote attackers so what would be the benefit of anti-forensics in that situation?

>you shouldn't use it and we'll disable it

what specific features does qubes disable?

unless i'm missing something antiforensics is only useful for deniability if the cops come (in which case you've already fucked up)

you really think it's better to have shit security and get owned (but know it) than strong security that will stop almost all attacks? that doesn't sound right to me. unless you're important enough to burn a xen privesc, no one is getting into dom0 in the first place

Have you even used Qubes before lol

>>566463

me or this guy?

>>565509

>>566450

this guy ain't neva even used da pubes b444

i also love how qubes verification process doesn't have md5sum, sha1sum, sha256sum and sha512sum and just have a digest and key cause just trust us you dumb fuck!!!!

>>556457

OSv can be used with Xen now (used to be KVM only).

This raises the question, why have a full Linux stack for each VM and not just one application or driver built on OSv for each VM?

>>573827

Have you read Joanna's Blog?

She's a huge edge-power-level-SJW on another level.

>>573827

this is funny since she literally invented blue pill virtualisation attacks

>>575064

show me. all i see on the blog is tech stuff

>>575064

>I strongly believe that freedom of individuals is the most important value

>I can appreciate ideas and work of people who I might be otherwise despising as human beings

>Ideas, science and technology have no morality

>I'm concerned about superficial promotion of females just because they are females

nah, you're full of shit

She must have changed it then

I remember her having some insane-bat-shit about veganism and equality/combating against oppressive countries like russia or some shit