Qubes OS - "A reasonably secure operating system"

Anyone's using, or have used it ?
What's your experience with it ?

Sorry I don't play Minecraft, can't tell.

Using it and have had no problems with it aside from having to fix some screen tearing on video.

I don't do anything fancy with it regarding Windows apps or games/steam etc. so I cannot speak to any issues regarding that.

Make sure you have lots of RAM.

Are packages relatively up to date, or is it more focused on stability like debian stable ?

As far as I can tell, they're reasonably up to date... Qubes itself doesn't pick and choose much aside from dom0.

You can do what you will with the template VMs.

I tried it, it was okay, nice if you really value that layer of security, kind of a bitch otherwise.

What Windows version is this?

>he thinks he can get a Qubes OS iso without being man in the middled
lol

Why did you say that? Aren't https, signature and keys only to prevent that from happening?

Someone may see that you are downloading it but can they modify the download? And even then if you check its integrity wouldn't you find it?

I would be shocked if big government agencies couldn't get a forged certificate from a sketchy certificate authority or run a shell company.

GPG signed, nigger

>check its integrity
The website with the hash could be compromised too.

Even then you can check its integrity. The mirrors and the site have to be compromised to prevent you from getting iso that is not original.

Also when a CA pulls a stunt like that they usually go down instantly. I don't like trusted third party that much it should've been distributed alternative or something else but it's not that easy to compromise on large scale.

>A reasonably secure operating system
nice try cia.

Yes they could be, but that means there is no real iso that you can get anyway so basically out of the scope of this discussion and definitely not a man in the middle attack.

I got my Qubes OS at a GNU/Linux convention from the actual developer.

Yet...

How did you verify it was an actual developer? Who was your CA?

> Thinks an American CA will tell the world when their systems are backdoored by the NSA
I bet you the NSA has copies of Verisign's signing keys.

If you have a cert, you can MITM the website.

Strange people lying in GNU/Linux conventions distributing USB sticks is no basis for an OS distribution.

Conveniently ignoring the PGP signature.

I was just kidding.

They won't but someone in the company will eventually if it is done on a big scale. Messing with a single person, I don't think anyone will care. You can actually hold the whole company as hostage and demand millions to keep quiet.

But how do you get the certificate? Yes it's a single point of failure but no one will make your job easier.

VMs are no silver bullet, just look at the recent pwn2own.

>not implying the CIA don't have moles working in the GNU/Linux dev community

>certificate
National Security Letter or a hacked authority from a shitty country

>National Security Letter or a hacked authority from a shitty country
So either get it lawfully or get it from an obscure company that is not being used that much at all. I don't see how it would work for a large scale attack which may not be true for Qubes OS but still their website gets the certificate from Comodo how would you compromise that?

For an international attack:
Give the domain authority an NSL to redirect traffic to a server with your certificate.

For just America:
Give an NSL to ISPs to use your certificate when someone connects to the website.

NSL is just the law. Lawfully being man in the middle is not the topic of this discussion. Of course existence of CAs and not a distributed version of it makes the law enforcement's job very easy but still it is a lawful override.

How can a person who'd like to inject his own malware to Qubes OS image do that while iso is being transferred?

It's broken and insecure by design. Use hardened gentoo and firejail instead.

Hardened gentoo and firejail are broken and insecure by design.

Man, how easy it is to make up things with no references or arguments.

Go be butthurt somewhere else, NSA.

Not secure enough, there's one very big problem with it, Xen. Your entire security model for qubes OS is hoping xen doesn't have unpatched exploits or backdoors.

KVM itself has a larger attack vector but you can at least harden the system better and minimize damage in the case of exploits.

Go be butthurt somewhere else, NSA.

I didn't even have to change anything this time to be a strawman.

usually the verification key is from the same server too. not very secure if someone has hacked it.

But that's hardly a man in the middle attack isn't it?

>endorsed by a russian spy

this is how you know it's backdoored. snowden is sneaking a message to avoid qubes past his SVR handlers.

>TemplateVMs
>No openSUSE
top kek

Who the fuck is calling it a silver bullet except for you, dip shit?

Actually quite a lot of people believe it's okay to run untrusted code just because they're on a VM.

I want to put together a custom desktop specifically for Qubes OS. What parts are needed? I went to their hardware page but it's vague at best.

The latest cia wikileaks.org prove that no hash is safe
Lmao

You need:

CPU
RAM
STORAGE
NORTH AND SOUTH BRIDGE
MOTHERBOARD
Input devices
Output devices

I suggest keyboard, mouse and monitor compatible with your motherboard

What CPU, RAM, etc. is compatible with Qubes OS?

How much RAM?

I was trying to run it in a wm, I first gave it 4gb, but it crashes on boot. Tried again at 8gb, but it still runs very slow.

Are you using DDR2, DDR3, or DDR4? Is your motherboard compatible with the type of RAM you are using?

What are the chances that an obscure OS thread is posted and 4 minutes later a user appears to answer all our questions?

More likely than you thunk?

Currently I run arch, and a windows virtual machine with a GPU passed through. I need the iommu patched kernel for iommu groupings and stuff.
Can I do the same on Qubes in a reasonable way? If yes, I'll try it out.

Very likely in a board that dominantly talks about Linux.

I'm confused as to why you wouldn't be able to? Just because there are other virtual machines running don't mean there couldn't be another one.

>don't
*doesn't

Thank you, not a native speaker.

English is a beast. You are welcome.

I meant vm(virtual machine). Also i only have a i5 4670k so I could only give the vm 3 cores.

It does seem so, however I'm not at all familiar with xen.
There's also the weird iommu groupings with the 4790k which require a patch for kvm, but I'm once again not sure if that carries over to xen.

Come to think of it, I can just go and try it myself.

I'll probably have to fight with some virtualized devices and drivers on the quest though. Especially the nVidia card.

How come you're not calling each other faggots? Must be a timezone thing...

Can it run a macOS guest VM with usable 2D video performance?

I am using a GTX 750 ti & i7 4790 and I have had more trouble with GNU + Linux than all other trouble combined.

I am just positive there is something sinister ``Inside''®™

Garbage, like any other OS for the IBM PC.

Here's a tip: If you want a secure OS, don't use an OS.

>I was trying to run it in a wm
I'm pretty sure you're not supposed to be able to do this.

?

Run VMs inside a VM. That's asking for trouble.

Why is this better than TAILS?

Because it's TAILS + full autism.

Your question does not make sense. Those distro focus on different security points : Tails is more about anonymity through internet traffic, and Qubes is more about "local" security by isolating programs in their own sandbox. You could perfectly install Qubes and run Tails inside a sandbox, even though that's a little bit far-fetched.

So it's VM: the OS?

yes
but honestly kvm with pci passthrough and proper virtio drivers will perform better for the windows guest than it will on qube's xen

That's the perfect description for it in fact.

Does it comes with pre configured VMs at least?
Or can be used with VMDI?

It comes with Debian, Fedora and Whonix (Both the client and the 'server') right out of the box. A little bit of disgusting hackjobbery and you can get a Kali VM up and integrated with the qubes GUI running quite pleasantly.

That's some shit attempt at a Sandbox joke