[HN Gopher] What Is Qubes OS?
       ___________________________________________________________________
        
       What Is Qubes OS?
        
       Author : LinuxBender
       Score  : 137 points
       Date   : 2022-07-09 16:47 UTC (6 hours ago)
        
 (HTM) web link (www.qubes-os.org)
 (TXT) w3m dump (www.qubes-os.org)
        
       | duxuev wrote:
       | I remember seeing that Edward Snowden uses it daily. Wonder if
       | that's still the case.
        
       | sacrosanct wrote:
       | Anyone use this as a daily driver? I tried installing it and it
       | crashed on first run. Should have looked at the list of
       | compatible laptop models first. It's a bit overkill for my needs.
       | My threat model doesn't require me to spawn a disposable Fedora
       | VM just to read a PDF document. I just open a PDF in Google Docs.
        
         | f38zf5vdt wrote:
         | I have been using it for over 5 years for all personal things
         | like email, banking, and paying bills. Once you find good
         | hardware for the OS, it runs very well, but you either need a
         | lot of memory or to close each VM as soon as you're done with
          | it and run only one or two VMs at a time. I would say minimum of
         | 16 GB RAM with 32-64 GB preferred.
        
         | shaky-carrousel wrote:
         | I do. I use it in a Librem 15v4, with 32GB of RAM.
         | 
         | It's not only about threats, it's pretty convenient. I do all
         | my dd operations, feeling confident a mistake won't wipe out my
         | HDD. I have a work vm and a personal vm (and many more), and I
         | can share full screen on my work vm knowing that all personal
         | windows are hidden.
         | 
         | I have files and programs organized by vms. I can try
         | installing new applications in a disposable vm knowing well
         | that all their files will be wiped out when I close the vm.
        
         | polotics wrote:
         | Works fine on an older ex-windows laptop, repurposed for
         | throwaway VMs, trying things... Could not get it to run on a
         | 2015 MacBook Pro, would be using it more if I had.
        
         | eduction wrote:
         | I have for about five years. Install has been fine for me
         | across three laptops (various ThinkPads), with the caveat that
         | I chose models known to work well with linux (you're booting
         | into fedora, which runs Xen as dom0). Also, the one time I had
         | to do a lot of work was when I bought a newly released version
         | of a laptop; a few months later I upgraded to a later version
         | of Qubes and it installed normally.
         | 
         | There is an up front investment in figuring out how to
         | partition your computer use/apps into VMs and then setting up
         | the VMs. If you're not already a Linux user there is also the
          | usual learning curve of switching to Linux (most Qubes users
          | use mostly Linux VMs; Windows takes more work to get going. I
          | have Windows 10 working, but it took some effort).
         | 
         | I absolutely love the disposable VM model. I do all my web
         | surfing (except some financial sites) in disposable VMs and
         | cannot fathom going back to downloading and executing untrusted
         | code (JavaScript) outside a dispVM. Similarly, I cannot imagine
         | opening documents from untrusted third parties outside a vm of
         | some sort. Even software I don't fully trust (e.g. Zoom, bluRay
         | ripping software) I like to run in disposable VMs or at least
         | their own dedicated vm.
         | 
         | Qubes is like any other specialized tool - it's worth investing
         | the time if what it offers (security and privacy) is something
         | you especially value. Having seen supposedly exotic and
         | advanced threats become more commonplace over the last 20 years
         | I think we all will end up using systems to some extent similar
         | to Qubes, at least inspired by Qubes. Some of what's not in
         | your threat model today will be, eventually. The only question
         | is how much.
         | 
         | In practical terms, it is in some ways like going from having
         | one computer to having a network of computers. You do become
         | something of a sysadmin. There is some pain there especially up
         | front but I am at the point where I am expert enough that the
         | ongoing time and pain investment is quite minimal.
         | 
         | More than anything, I feel completely exposed on other OSes. I
         | wish other operating systems (like macOS) would steal the best
         | ideas from qubes. For example, let people open files in
         | disposable VMs when they want to, and cause this to happen by
         | default for downloaded files, and by default have people surf
         | the web in the rough, more seamless equivalent of a disposable
         | VM, possibly with some carve outs for ease of use (like make it
         | almost transparent, with some red flag, to move downloads out
         | of the browser vm, and do likewise with uploads). Also, Qubes
         | has "vaults," which are just VMs with no internet where you put
         | your most sensitive files; I put basically all my files there
         | because they really don't need live internet. You could
         | translate this on a "regular" OS into some kind of area that's
         | extra protected from other processes somehow. For example
         | unprompted access to files in the vault would require explicit
         | authorization, and files in the vault could not cause network
         | connections by default. Something along those lines.
        
           | ChikkaChiChi wrote:
           | I couldn't agree more. Secure computing adoption requires
           | easy usability.
           | 
           | We helped push technical adoption through skeuomorphic design
           | patterns, but left engineers to figure out how to educate
           | users on permissibility. That's a failure on us as an
           | industry. We should be building to keep people safe from the
           | dangers we all know about FIRST, then and only then should we
           | build the access controls to allow access to other resources
           | and interoperability.
           | 
           | I feel like chromiumos is the closest we have to a mainstream
           | solution for this, but a combination of Nix and Qubes would
           | be even better.
        
         | i_like_waiting wrote:
         | Writing from Qubes right now. x230 with 16gb ram and it runs
         | just fine. Still figuring some things out tho.
        
         | mysterydip wrote:
         | I tried probably half a year ago, and it installed fine, but I
         | just couldn't wrap my head around how to use it right.
        
           | nubb wrote:
            | Same here. The entry bar is really high on Qubes.
        
         | minimalist wrote:
         | Daily driving for years now. Only thing to really keep in mind
         | is having sufficient RAM. Otherwise, it's great for
         | development. You can keep TemplateVMs for all of your
         | development environments and tear them up and down, duplicate
         | them, assign to a VPN, etc. Not good if you need GPU
         | acceleration for anything, but some people have worked on GPU
         | passthrough.
        
           | jamal-kumar wrote:
           | Yeah 16gigs+ is what you want here. Not rare in modern
           | computers.
        
             | Sakos wrote:
             | Using Qubes over a year on my personal laptop, I found 16GB
             | to be too fussy and I constantly had to fiddle with VM RAM
             | sizes. I would recommend 32GB.
        
         | [deleted]
        
         | jamal-kumar wrote:
         | I have in the past before I became bound to doing windows-
         | compatible development. It was actually really great. I didn't
         | hate it at all.
         | 
         | I liked the ability to run multiple linux distros and a windows
         | 7 VM for stuff that needed that, but scrubbing PDFs I think is
         | one of those underrated things considering how much malware
         | comes in through those. Like I would rather not do that in a
         | docker container of all broken condoms. Right now I just have a
          | separate computer to take care of that. I'd probably use Qubes
         | if I had an intel laptop as my daily driver again.
         | 
         | Oh and the only other thing was laptop battery life. Maybe an
         | hour and a half tops.
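        The PDF-scrubbing idea raised above (and the "disposable VM just to
        read a PDF" remark earlier in the thread) comes down to one design
        rule: the trusted side never parses the untrusted document, it only
        accepts pixels. The following is an added example written for this
        page, not Qubes' own qvm-convert-pdf code. It implements the trusted
        half of that pipeline: a disposable VM is assumed to have already
        rendered every page to raw RGB (that rendering step, and the qrexec
        transport, are left out), and the wire format here (a 12-byte
        header of big-endian width, height and byte length, then exactly
        width*height*3 bytes) is a simplification assumed for the example,
        not the real protocol. The point it shows beyond the comments is
        which checks the trusted side has to make before it touches a single
        byte of pixel data.

```python
"""Trusted side of a Qubes-style PDF scrubber (added example, not Qubes code).

Only a fixed, trivially validated pixel format crosses the VM boundary, so
JavaScript, embedded files, malformed fonts or parser bugs in the original
PDF cannot survive: a fresh PDF is built around the pixels and nothing else.
"""
import struct
import zlib

MAX_DIM = 10_000      # reject absurd page geometry before allocating anything
MAX_PAGES = 10_000
HEADER = struct.Struct(">III")   # assumed wire header: width, height, byte length


class UntrustedInput(ValueError):
    """Raised for anything the untrusted renderer sends that fails validation."""


def parse_pages(blob):
    """Split the untrusted stream into (width, height, rgb) tuples.

    Every declared size is checked against the geometry and against the
    bytes actually present, so a lying header cannot cause over-reads.
    """
    pages, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise UntrustedInput("truncated page header")
        w, h, n = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
            raise UntrustedInput(f"bad page size {w}x{h}")
        if n != w * h * 3:
            raise UntrustedInput("declared length does not match geometry")
        if len(blob) - off < n:
            raise UntrustedInput("truncated pixel data")
        pages.append((w, h, blob[off:off + n]))
        off += n
        if len(pages) > MAX_PAGES:
            raise UntrustedInput("too many pages")
    if not pages:
        raise UntrustedInput("no pages")
    return pages


def build_pdf(pages):
    """Emit a minimal PDF: one deflated full-page image XObject per page.

    No fonts, no actions, no annotations, no embedded files: only pixels.
    """
    objs = []                      # object number == index + 1

    def add(body):
        objs.append(body)
        return len(objs)

    catalog = add(b"")             # filled in once page object ids are known
    pages_obj = add(b"")
    page_ids = []
    for w, h, rgb in pages:
        data = zlib.compress(rgb)
        img = add(b"<< /Type /XObject /Subtype /Image /Width %d /Height %d "
                  b"/ColorSpace /DeviceRGB /BitsPerComponent 8 /Filter /FlateDecode "
                  b"/Length %d >>\nstream\n" % (w, h, len(data)) + data + b"\nendstream")
        content = b"q %d 0 0 %d 0 0 cm /Im0 Do Q" % (w, h)
        cs = add(b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream")
        page_ids.append(add(b"<< /Type /Page /Parent %d 0 R /MediaBox [0 0 %d %d] "
                            b"/Resources << /XObject << /Im0 %d 0 R >> >> /Contents %d 0 R >>"
                            % (pages_obj, w, h, img, cs)))
    kids = b" ".join(b"%d 0 R" % i for i in page_ids)
    objs[pages_obj - 1] = b"<< /Type /Pages /Kids [%s] /Count %d >>" % (kids, len(page_ids))
    objs[catalog - 1] = b"<< /Type /Catalog /Pages %d 0 R >>" % pages_obj

    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for i, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for o in offsets:
        out += b"%010d 00000 n \n" % o           # 20-byte xref entries
    out += (b"trailer\n<< /Size %d /Root %d 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, catalog, xref))
    return bytes(out)


def sanitize(blob):
    """Untrusted pixel stream in, freshly built PDF out."""
    return build_pdf(parse_pages(blob))


def encode_page(w, h, rgb):
    """Build one page in the assumed wire format (what the untrusted side would send)."""
    return HEADER.pack(w, h, len(rgb)) + rgb


def rejects(blob):
    """True when the trusted side refuses the stream; used to exercise the checks."""
    try:
        parse_pages(blob)
    except UntrustedInput:
        return True
    return False


if __name__ == "__main__":
    # Constructed two-pixel page (red, blue) repeated twice; the output opens
    # in any PDF viewer and contains nothing from an "original" document.
    demo = encode_page(2, 1, bytes([255, 0, 0, 0, 0, 255]))
    open("clean.pdf", "wb").write(sanitize(demo + demo))
```

        The geometry check (`n == w * h * 3`) is the one that matters most:
        it is what lets the receiver size its buffers from numbers it has
        already bounded rather than from whatever length the sender claims.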
        
       | iou wrote:
        | Conceptually, I love it. I used it from about 2016 until last
       | year, but I had to record some video and use stuff like OBS and
       | it just became impossible (with my skill level) to get working.
       | 
        | I abandoned it and went back to Fedora, which is odd as I'd stuck
       | with it through lots of other NVIDIA crap issues and such.
       | 
       | Hopefully adoption increases and one day I can use in a workplace
       | setting.
        
       | imagineerschool wrote:
       | QubesOS is my favourite technology existing today.
       | 
       | Daily driver on desktop and laptop.
       | 
       | Feels like home.
       | 
       | ^ My highest praise.
        
       | neodymiumphish wrote:
       | Maybe this isn't the best place to ask this, but I'll try anyway:
       | 
       | I'm a consultant involved in cybersecurity who often has to build
       | and run VMs to either test out software, run things in sandbox,
       | or connect to TOR from a VM I'll never use again.
       | 
       | Having said that, I currently use Windows with VMWare
       | Workstation, but I find it frustrating and would prefer something
       | that's less frustrating and feels more built-in.
       | 
       | Is there a solution that anyone would recommend for this kind of
       | thing? Internal networks, Windows and Linux sandboxes, etc. I use
       | Microsoft office products regularly, and my workstation (Dell
       | Inspiron with an i9, 64GB ram, 2tb SSD) is connected to a
       | thunderbolt 4 dock with 2 1440 monitors. I'd prefer for a Windows
       | VM to have passthrough to the monitors and be able to interact
       | with the host OS via that VM, so I can still share my screen
       | during meetings and while coordinating efforts.
        
         | eointierney wrote:
         | NixOS or Guix both allow one to fire up a vm based on a
          | specification very easily, and positively encourage iteration.
         | The learning curve is steep but rewarding.
        
         | Dracophoenix wrote:
          | I don't know if this works with all your criteria, but you
         | might want to go with UnRaid or Proxmox or a Type 1 hypervisor
         | like vSphere/ESXi or Xen.
        
           | neodymiumphish wrote:
           | Maybe Fedora with Xen is the route I should try, assuming I
           | can give the Windows VM full GPU pass-through and use it as a
           | "primary" machine. I need to be able to screenshare almost
           | daily via Zoom.
        
             | hsbauauvhabzb wrote:
             | I use vbox regularly on a Linux host, it's not seamless but
             | it works okay. I have custom built vm images with packer
             | that do things like enable auto login and disable
             | screensaver (these don't matter on a vm, your host is where
             | they should happen). I don't need gpu so the vbox drivers
             | suffice, but if I did I would probably consider getting a
             | quadro or something and doing pci pass through (not even
             | sure if vbox supports this)
             | 
              | As a cautionary note, though, VMs are a good boundary but not a
             | comprehensive one. If your threat model includes execution
             | of 0day exploits (malware analysis or browser exploit
             | chains) that can breach hypervisor perimeters you shouldn't
             | be doing anything sensitive from the host. RDP is better,
             | but iirc there are some case studies of execution on the
             | rdp client.
        
             | Dracophoenix wrote:
             | GPU Passthrough can be solved with LookingGlass
              | (https://looking-glass.io/) if you just want to solve that
             | particular problem. I'm not sure how well it works on a
             | laptop but if you have a dedicated graphics card (e.g.
             | Nvidia) you should theoretically be able to get it working
             | the way you want. I'm sorry for the lack of elegant all-in-
             | one packages. I too wish for an Excalibur of VM solutions.
        
           | tryauuum wrote:
           | I don't get the distinction between type 1 and type 2.
           | 
           | E.g. xen is type 1 and KVM is type 2. But at the end of the
           | day it's a Linux kernel in both cases that runs the virtual
           | machines, so what's the point of distinction?
        
             | transpute wrote:
             | It's about reducing the size and attack surface of the
             | most-privileged code which runs in the system, e.g. moving
             | code out of the kernel, making hypervisor/VMM smaller,
             | nested VMs, hardware enclaves. This video covers some of
             | the changes over the last decade, including Xen and
             | Bromium, https://youtube.com/watch?v=bNVe2y34dnM
        
             | simcop2387 wrote:
             | It's what runs above the vms that is the distinction. For
             | xen it has its own kernel instead of running Linux as the
             | hypervisor and host system. Xen still uses Linux typically
             | as the domain zero as it calls it for doing control and
             | setup but it doesn't necessarily have full access to all
             | the hardware on its own.
        
         | hnarn wrote:
         | You don't really mention specifically what you find
         | "frustrating" about VMWare Workstation so it's hard to know on
         | what criteria to give a response.
         | 
         | I don't know how "built in" it can be considered but I've used
         | LXD a bit and since it now supports VMs as well I'm guessing
         | you could define VMs in yaml in advance and "easily" (depending
         | on your definition) tear down and re-deploy VMs with
         | preconfigured network settings etc. Vagrant should also work
         | for this with a Virtualbox or VMware backend (paid feature).
         | 
         | What exactly do you mean when you say that the VM should be
         | able to "interact with the host OS", isn't that exactly what
         | you don't want and why you're running a VM in the first place?
        
           | neodymiumphish wrote:
           | I'd like the ability to drop files to a VM from another VM,
           | like shared folders in Workstation.
           | 
           | My frustrations with VMWare usually revolve around network
           | connectivity issues. My internal or NAT networks often fail
           | to give the guest VMs the expected connectivity.
        
             | yjftsjthsd-h wrote:
             | You work in cybersecurity and want _more_ exposure between
             | the host and the guest? You have a very different risk
             | tolerance than I would in your shoes
        
         | tssva wrote:
         | If you just have a need for isolating Windows applications have
         | you tried the Windows Sandbox functionality built-in to Windows
         | 10 Pro and Enterprise version? https://docs.microsoft.com/en-
         | us/windows/security/threat-pro...
        
       | dang wrote:
       | Related:
       | 
       |  _Qubes OS: A reasonably secure operating system_ -
       | https://news.ycombinator.com/item?id=30776103 - March 2022 (97
       | comments)
       | 
       |  _Qubes OS 4.1.0 has been released_ -
       | https://news.ycombinator.com/item?id=30215210 - Feb 2022 (1
       | comment)
       | 
       |  _Ask HN: Qubes OS or just separate VMs for separating work and
       | private files?_ - https://news.ycombinator.com/item?id=29537961 -
       | Dec 2021 (6 comments)
       | 
       |  _Qubes OS 4.1 RC2_ -
       | https://news.ycombinator.com/item?id=29402767 - Dec 2021 (1
       | comment)
       | 
       |  _Qubes OS 4.1-rc1 has been released_ -
       | https://news.ycombinator.com/item?id=28856957 - Oct 2021 (5
       | comments)
       | 
       |  _Qubes-Lite with KVM and Wayland_ -
       | https://news.ycombinator.com/item?id=26378854 - March 2021 (48
       | comments)
       | 
       |  _Ask HW: Qubes OS alternative on LXD containers_ -
       | https://news.ycombinator.com/item?id=25562208 - Dec 2020 (21
       | comments)
       | 
       |  _Ask HN: Would it be possible to reimplement Qubes OS but
       | lighter?_ - https://news.ycombinator.com/item?id=20622850 - Aug
       | 2019 (2 comments)
       | 
       |  _Joanna Rutkowska leaves Qubes OS, joins Golem_ -
       | https://news.ycombinator.com/item?id=18300345 - Oct 2018 (68
       | comments)
       | 
       |  _Introducing the Qubes U2F Proxy_ -
       | https://news.ycombinator.com/item?id=17958219 - Sept 2018 (2
       | comments)
       | 
       |  _Qubes OS 4.0 has been released_ -
       | https://news.ycombinator.com/item?id=16699900 - March 2018 (39
       | comments)
       | 
       |  _Qubes Air: Generalizing the Qubes Architecture_ -
       | https://news.ycombinator.com/item?id=16255251 - Jan 2018 (65
       | comments)
       | 
       |  _Qubes OS: A reasonably secure operating system_ -
       | https://news.ycombinator.com/item?id=15734416 - Nov 2017 (144
       | comments)
       | 
       |  _Reasonably Secure Computing in the Decentralized World_ -
       | https://news.ycombinator.com/item?id=15566563 - Oct 2017 (44
       | comments)
       | 
       |  _Toward a Reasonably Secure Laptop_ -
       | https://news.ycombinator.com/item?id=14743238 - July 2017 (100
       | comments)
       | 
       |  _"Paranoid Mode" Compromise Recovery on Qubes OS_ -
       | https://news.ycombinator.com/item?id=14218504 - April 2017 (14
       | comments)
       | 
       |  _Tor at the Heart: Qubes OS_ -
       | https://news.ycombinator.com/item?id=13272076 - Dec 2016 (1
       | comment)
       | 
       |  _Qubes OS Begins Commercialization and Community Funding
       | Efforts_ - https://news.ycombinator.com/item?id=13069615 - Nov
       | 2016 (24 comments)
       | 
       |  _Qubes OS 3.2 has been released_ -
       | https://news.ycombinator.com/item?id=12604417 - Sept 2016 (30
       | comments)
       | 
       |  _Xen exploitation part 3: XSA-182, Qubes escape_ -
       | https://news.ycombinator.com/item?id=12232932 - Aug 2016 (5
       | comments)
       | 
       |  _Security challenges for the Qubes build process_ -
       | https://news.ycombinator.com/item?id=11801093 - May 2016 (17
       | comments)
       | 
       |  _Qubes OS 3.1 has been released_ -
       | https://news.ycombinator.com/item?id=11260857 - March 2016 (44
       | comments)
       | 
       |  _Qubes OS will ship pre-installed on Purism's security-focused
       | Librem 13 laptop_ - https://news.ycombinator.com/item?id=10736516
       | - Dec 2015 (109 comments)
       | 
       |  _Finally, a 'Reasonably-Secure' Operating System: Qubes R3_ -
       | https://news.ycombinator.com/item?id=10654193 - Dec 2015 (1
       | comment)
       | 
       |  _Converting untrusted PDFs into trusted ones: The Qubes Way
       | (2013)_ - https://news.ycombinator.com/item?id=10538888 - Nov
       | 2015 (5 comments)
       | 
       |  _Enhancing Qubes with Rumprun unikernels_ -
       | https://news.ycombinator.com/item?id=10518842 - Nov 2015 (5
       | comments)
       | 
       |  _Critical Xen bug in PV memory virtualization code_ -
       | https://news.ycombinator.com/item?id=10471912 - Oct 2015 (80
       | comments)
       | 
       |  _Qubes - Secure Desktop OS Using Security by
       | Compartmentalization_ -
       | https://news.ycombinator.com/item?id=8428453 - Oct 2014 (49
       | comments)
       | 
       |  _Introducing Qubes 1.0 ( "a stable and reasonably secure desktop
       | OS")_ - https://news.ycombinator.com/item?id=4472403 - Sept 2012
       | (59 comments)
       | 
       |  _Qubes: an open source OS with strong security for desktop
       | computing_ - https://news.ycombinator.com/item?id=2645170 - June
       | 2011 (16 comments)
       | 
       |  _Review: Qubes OS Beta 1 -- a new and refreshing approach to
       | system security_ - https://news.ycombinator.com/item?id=2504274 -
       | May 2011 (1 comment)
       | 
        |  _The Linux Security Circus: On GUI isolation_ -
       | https://news.ycombinator.com/item?id=2477667 - April 2011 (47
       | comments)
       | 
       |  _Qubes Beta 1 has been released (strong desktop security OS)_ -
       | https://news.ycombinator.com/item?id=2439096 - April 2011 (3
       | comments)
       | 
       |  _Qubes Architecture - actual security-oriented OS_ -
       | https://news.ycombinator.com/item?id=1796384 - Oct 2010 (1
       | comment)
       | 
       |  _Open source Qubes OS is ultra secure_ -
       | https://news.ycombinator.com/item?id=1249857 - April 2010 (7
       | comments)
       | 
       |  _Introducing Qubes OS_ -
       | https://news.ycombinator.com/item?id=1246990 - April 2010 (20
       | comments)
        
       | [deleted]
        
       | mumphster wrote:
       | Used extensively by Mullvad VPN for a lot of their infrastructure
       | 
       | https://mullvad.net/en/blog/2022/6/15/mullvad-is-now-continu...
        
         | cpach wrote:
         | Not really for infrastructure though? Still neat.
        
       | jacooper wrote:
       | My main problem with QubesOS is GPU acceleration. Using any
       | intensive app is a chore because its so slow, and I Also game on
       | Linux.
       | 
       | But In general I don't think its for me anyway, I'm comfortable
       | with my current Fedora 36 Workstation setup.
        
         | mrtweetyhack wrote:
        
       | rkagerer wrote:
       | I was reading about Device Isolation but there's still something
       | I'm not clear on:
       | 
       | Does the OS claim to prevent partially-trusted PCI devices linked
       | to one VM from accessing memory of another VM? If so, how's that
       | done?
       | 
       | I understand by default the hypervisor resets a device when it's
       | moved from one VM to another, which would mitigate an evil device
       | driver in the former from impacting the latter. But that doesn't
       | protect from isolation breaches caused by evil [persistent]
       | firmware.
       | 
       | I thought PCI cards have DMA access to all the system's memory
       | space, unless you happen to have a server-type motherboard with a
       | "smart PCIe bridge that can be programmed to perform address
       | translation and access restrictions"
       | (https://superuser.com/a/988179). Is such hardware more common
       | now? Or does Qubes rely on all hardware you plug into it being
       | trustworthy?
        
         | simcop2387 wrote:
         | The iommu device is present on nearly all systems these days,
          | even consumer ones. Intel calls it VT-d. The big issue is the
          | device groupings that are set up by the firmware, and
          | downstream PCIe bridges. It's become more common because it's the
          | only way to secure Thunderbolt ports.
        
           | wtallis wrote:
            | Yep, IOMMU support used to be one of those features Intel
            | used for product segmentation, e.g. disabling it on the -K
           | overclockable CPUs while leaving it enabled on the
           | counterparts with locked multipliers. Thunderbolt is what
           | forced them to stop playing that game.
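        The answer to the DMA question above is that the IOMMU is what keeps
        a passed-through device inside its VM's memory, and the practical
        caveat is the grouping: the firmware and any PCIe bridge between the
        device and the root complex decide which devices share one
        translation context, and everything in a group moves together. The
        following is an added check written for this page, not a Qubes or
        kernel tool: it walks the tree Linux exposes under
        /sys/kernel/iommu_groups (that path and its layout are kernel
        facts; the ROOT argument is only there so the functions can be run
        against a constructed tree). Run as-is on a Linux box it reports the
        real groups; on a machine where the IOMMU is unsupported or disabled
        the tree is empty and it says so. On Qubes, dom0 answers the same
        question through its hardware-compatibility report.

```shell
#!/bin/sh
# Added example (not from the thread, not Qubes code): list IOMMU groups and
# spot the ones the firmware or a downstream PCIe bridge has merged.
# Devices in one group share a translation context, so one of them cannot be
# given to a VM while another stays with dom0 / the host.

# iommu_groups [ROOT]: prints one line per group, "<group>: <bdf> <bdf> ...".
# Returns 1 when ROOT holds no groups at all, which on a real machine means
# the IOMMU is unsupported, or disabled in firmware or on the kernel/Xen
# command line, so device DMA is not contained.
iommu_groups() {
    root="${1:-/sys/kernel/iommu_groups}"
    found=0
    for g in "$root"/*/; do
        [ -d "$g" ] || continue
        found=1
        devs=""
        for d in "$g"devices/*; do
            # sysfs entries are symlinks into /sys/devices; accept either form
            [ -e "$d" ] || [ -L "$d" ] || continue
            devs="$devs $(basename "$d")"
        done
        printf '%s:%s\n' "$(basename "$g")" "$devs"
    done
    [ "$found" -eq 1 ]
}

# shared_groups [ROOT]: group numbers that hold more than one device.  These
# are the ones a Thunderbolt dock or a laptop's internal PCIe bridge tends
# to produce, and they are the ones you cannot split for passthrough.
shared_groups() {
    iommu_groups "${1:-/sys/kernel/iommu_groups}" |
        awk 'NF > 2 { sub(/:$/, "", $1); print $1 }'
}

# Stand-alone run: report on this machine, warn if nothing is exposed.
iommu_groups ||
    echo "no IOMMU groups exposed: a passed-through device's DMA is not contained" >&2
```

        A group listed by shared_groups containing, say, a USB controller
        and a NIC means the two are inseparable from the IOMMU's point of
        view; assigning one of them to a VM without the other is exactly the
        configuration the hypervisor must refuse.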
        
       ___________________________________________________________________
       (page generated 2022-07-09 23:00 UTC)