/qos/ Qubes OS General

It's hot fucking trash. It's only popular because of Snowden.

Snowden was not even in a technical role, you guys know that right?

Explain why you think Qubes OS is trash.

It's a meme and OpenBSD is the real secure OS

>It's a meme and OpenBSD is the real secure OS

>a meme

Are you retarded? You don't even understand what it is about. It's about security by compartmentalization. The dom0 has no internet connection and is only 2500 LOC. There's a sys-net vm and a sys-firewall vm. Everything you do runs in a vm. The vms are read only except your personal data. If you restart the vm everything is gone. Please do yourself a favour and read this:

qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf

The same level of security would be accomplished with Docker/LXC containers instead of using Xen VM bullshit - at a far lower cost of resources.

So make an OS that uses your technique then (you can't). Your way is a lot slower, takes months or maybe years to set up in a similar way to QubesOS and is cumbersome to use

>The same level of security would be accomplished with Docker/LXC containers instead of using Xen VM bullshit - at a far lower cost of resources.

So why don't you build that? Build it and make it as good as Qubes OS. When you have a working OS we can talk again.

Also here a nice YouTube playlist: youtube.com/watch?v=fiXuYI3G0SE&list=PLj8EOFaxOgsS63cd1YZjc56p2brTyIRUF

So how are you going to run GUI applications in your Docker OS? Are you going to start VNC servers in every docker container and then run a lot of VNC clients? This isn't secure at all. You have no clue what you are talking about.

What gave you this idea?

I think he was talking about securing an actual server. You know, the only thing anyone would ACTUALLY try to break into.

>I think he was talking about securing an actual server. You know, the only thing anyone would ACTUALLY try to break into.

You probably wouldn't use Qubes OS for servers. If you think Qubes is a server-oriented OS you are totally wrong. Also there are a lot of people trying to break into desktops, smartphone, fridges, you name it. I have no idea why you think only servers have to be secure.

They can't even make an installer that works, and I'm supposed to trust my security with them?

What part about the installer doesn't work for you? It's anaconda btw. Developed by Redhat.

No just general use. Browsing the web, reading documents, programming. It really lags on Firefox. Especially if I'm trying to stream any kind of content.

Isn't the design of qubesos based on vm stuff for modern servers?

Strange. Streaming works fine for me. Does the dom0 support your graphics card? R3.2 is quite a bit old. R4.0 gets better and has awesome new features, but it's currently rc1 and still has a lot of bugs.

It's based on Xen. You can use Xen to setup servers. But Qubes OS isn't designed to be a server OS. It's designed to be a secure desktop OS.

For more info on Xen in general, see here: en.wikipedia.org/wiki/Xen

The text based installer is completely broken and has been for years. Literally impossible to use.

>The text based installer is completely broken and has been for years. Literally impossible to use.

So that's a general anaconda installer problem? For years you say? Strange.

Didn't the graphical installer work on your computer or why did you have to use a text-based installer instead of the default one?

The graphical installer did "work", but I was unable to boot into a working system afterward for some reason. I thought I'd try the text based one out of desperation. Apparently someone found a workaround by creating a configuration file with encryption settings and setting anaconda to do everything automatically based on that (I forgot the details, I don't know shit about Redhat). I guess the problem comes from the fact that there's no way to set encryption options from within the installer itself. Anyway, I finished the installation, but had the same problem.

It's probably my fault I guess. I was installing in an unorthodox manner by mounting the ISO in a VM and installing to an external drive due to being to lazy to go buy a new flash drive. I can't imagine why that would bork the installation though, and I ended up coming across enough trouble along the way that the whole project just seems really unprofessional to me now.

I'm using integrated graphics. Which Qubes recommends. The hardware should be strong enough. I've tired Solus Os and it can stream 4k video without stuttering. 1080p 60fps brings firefox to a crawl on qubeos.

Did you try to install R3.2 or R4.0rc1? The latter is know for having this problem. You can solve it by removing the iommu option from the loader. See the mailing list for details: groups.google.com/forum/#!forum/qubes-users

Don't use the release candidate when you are not a Qubes OS developer or trying to become one. It's still unstable. Use R3.2 because it's quite stable.

I used R3.2. Maybe 4.0 will hopefully iron out some of these problems.

>I'm using integrated graphics. Which Qubes recommends. The hardware should be strong enough. I've tired Solus Os and it can stream 4k video without stuttering. 1080p 60fps brings firefox to a crawl on qubeos.

There are a lot of possible options. The R3.2 dom0 still uses Fedora 23, so the kernel is quite old. Also what version of Firefox did you run in the AppVM? Did you know there's an Archlinux template vm? You can also have a look at the vm configuration and the resource limits. Xen is normally really performant. People use it to run hundreds of servers on a single machine. 3D games should be a problem though. So you cannot simply install Windows 10 in a qube and expect it to run Battlefield.

Do you have VT-d and VT-x enabled?

Are you retarded?

Strange. You could try the iommu thing, but it's a fix for R4.0rc1 not R3.2.

groups.google.com/forum/#!topic/qubes-users/dteaHz8zOUo

R3.2 should normally boot after the installation.

Right, because auditing rube goldberg machine of kernel modules is easier than keeping dom0 secure.

>Hoping for an actual discussion on security on Sup Forums
>mfw

>The R3.2 dom0 still uses Fedora 23, so the kernel is quite old
Yeah that must be the problem I'm using the default fedora templete. The Debian default was even worse. The whonix workstation seems to run the fastest. I guess I'll give arch a try. Shouldn't Qubes be capable of running 3d games if you pass over a graphics card to the windows vm?

>Yeah that must be the problem I'm using the default fedora templete.

The default fedora template is old. The R3.2 release notes recommend you to upgrade it to fedora 24:

qubes-os.org/doc/releases/3.2/release-notes/

But recently they added a fedora 25 template, and a fedora 26 is available in testing.

>Shouldn't Qubes be capable of running 3d games if you pass over a graphics card to the windows vm?
That opens up a lot of attack vectors. I think securely playing 3D games was not the developers' main vision when developing Qubes OS but it would be a nice field of research.

Also verify you have VT-d and VT-x enabled, see

>I think securely playing 3D games was not the developers' main vision when developing Qubes OS but it would be a nice field of research.
It would be a nice for anyone that likes to pirate commerical software or crack software they own.

If you're into cracking things, you should have a look at running Kali Linux in a vm:

qubes-os.org/doc/pentesting/kali/

Here's also a interesting video about using Qubes to sniff a Windows 7 installation:

youtube.com/watch?v=eZhRj_eNqpI

Cool stuff. Qubeos is something special. You can really do some specialized stuff with vms that are a complete pain on normal systems. I hope they find a secure way to enable gpu use in vms

Here are some infos about GPU passthrough:

qubes-os.org/doc/user-faq/#can-i-run-applications-like-games-which-require-3d-support

groups.google.com/forum/#!topic/qubes-devel/MfHy2jmXhXM

groups.google.com/forum/#!topic/qubes-devel/MeLYpHyLRHQ

Thanks for the tips. I'm using the default two cores for fedora 25 and it runs smooth is butter.