Qubes Air: Generalizing the Qubes Architecture

183 points | andrewdavidwong | 8 years ago | qubes-os.org

65 comments

[+] weinzierl|8 years ago|reply
I’m a heavy user of Qubes OS. The “Convert to Trusted PDF” feature is something I use almost daily.

My use case is examining, cleaning and possibly distributing application letters and CVs. If you have to read job application letters, the advice to just open files from people you trust just doesn’t work. The amount of untargeted malware we receive through this channel is considerable. We had targeted attacks too.

I’ve known about Qubes OS for a long time but interestingly the advice to use it for all processing of application letters didn’t come from my tech circles but from a recruiter.

Given the strict laws about data retention in my jurisdiction (Germany) a cloud solution (short of homomorphic encryption) probably isn’t going to work for me. The idea of using discrete devices sounds interesting though.

[+] viraptor|8 years ago|reply
Have you considered a jailed PDF reader application instead? I'm curious what decision factors were important for you.

[+] xvilka|8 years ago|reply
Wonder about their progress of integration[1] with ReactOS.

[1] https://github.com/QubesOS/qubes-issues/issues/2809

[+] adultSwim|8 years ago|reply
I think the Qubes team desperately needs more funding. Give them some of your money. Tell them your priorities.

Qubes + Whonix has been an enormously tremendous success.

I'm so happy to have Qubes as my daily driver at home. However, because of so little money coming in, development seems much more limited than it could otherwise be.

It's a wonder what they've been able to do so far with no budget and few external developers contributing.

[+] kakarot|8 years ago|reply
This was an awesome read. These guys are doing some of the most groundbreaking work in computing right now.

The idea of having an "operating system" made up of components dispersed across the globe seems like a fantasy that is too good to be true.

If Qubes can finally provide a method for passing through NVIDIA GPUs with this kind of architecture, Xen or not, that would be incredible. It's the only reason I had to leave Qubes.

[+] Cthulhu_|8 years ago|reply
Why would you want something like that though? What are the benefits that are worth the huge amount of overhead of having to pass through the internet to connect components?

I mean I get cloud computing and such, but this seems to be aimed as a consumer OS, which is very sensitive to delays and whatnot.

[+] eptcyka|8 years ago|reply
Passing through GPUs is problematic, as it's a massive attack surface.

[+] pikchurn|8 years ago|reply
> The idea of having an "operating system" made up of components dispersed across the globe seems like a fantasy that is too good to be true.

Read up on Amoeba and Sprite in the 80's.

[+] qplex|8 years ago|reply
Qubes runs mostly on computers with Intel CPUs.

It's good of them to admit that the layers-upon-layers approach just doesn't bring in any additional security if you have buggy/unsecure hardware.

[+] jstewartmobile|8 years ago|reply
Amen. Huge silver lining to Meltdown has been raised awareness over what a mess our hardware is.

As long as we're in Intel x86 land, the Plan 9 service-per-box approach is probably about the best we can do, and I'm not saying that with any joy, or as an endorsement.

Or, perhaps we can claw our way back to the 1960s and reclaim working memory protection? As obvious as that sounds, I wouldn't take it for granted. People already accept all sorts of half-broken proprietary bullshit for GPU performance, bootloading, AMT, etc. From the mailing lists, looks like Intel is trying to normalize that for CPUs as well.

[+] slaymaker1907|8 years ago|reply
I think the cloud aspect is also quite interesting in the potential for a much cheaper remote desktop. Most applications don't require a beefy CPU, so just run them on something cheap and then just run anything demanding on a more powerful node.

[+] transpute|8 years ago|reply
With the Qubes Air architecture, the unpopular Intel ME/AMT could be repurposed as a VNC server for web browsing on a dedicated device, e.g. old laptop. The AMT VNC client could be run in a thin Qubes VM. This would isolate the web browser (main x86 CPU), VNC server (Intel ME cpu) and VNC client (Qubes device CPU) on three physical processors. Usability would depend on performance of the AMT VNC server.

[+] ecesena|8 years ago|reply
Qubes would make for a great startup and, given the time, prob a very successful ICO.

I was positively and at the same time negatively surprised reading about the 30k users. All issues/obstacles reported don’t seem so unachievable if one can imagine to focus on one specific hardware platform and with a good marketing team. I understand this is beyond a research project, but it would make for a great startup.

[+] tlrobinson|8 years ago|reply
Why would Qubes do an ICO?

[+] cyberpunk0|8 years ago|reply
At the same time, I don't want such a project anywhere near shady investors and founders seeking to get rich and destroy the company like most startups.

[+] mirimir|8 years ago|reply
This is interesting. However, I don't get how stuff in the cloud can be considered secure. Unless you trust them, anyway. And also, I'm reminded how little privacy seems to matter for Qubes devs.

Edit: OK, I take it back. Replacing VMs with discrete devices on local networks is very cool. I just wish that they'd emphasized that, and then talked about using cloud resources. Indeed, what boggled my mind is that someone would go through the hassle of learning Qubes, and then put some of it in the cloud.

[+] xelxebar|8 years ago|reply
The cloud stuff seems incidental to the article's main point. At least that's how I read it.

Rather, it sounds like they are trying to properly abstract the isolation technology away from any specific implementation. They then realized that this would also allow "Qubes on the Cloud" with relatively little extra effort.

From a personal choice standpoint, it seems we will still have the option of avoiding cloud zones completely if we so desire, so no harm there.

If we think about the sociology of security however, lowering the barrier to entry seems like an overall win, assuming we believe in the Qubes security model.

It's a lot like fingerprint readers on phones. Sure, they're not near as strong as a high entropy password, but they're convenient enough so people who previously never locked their phones now use a fingerprint lock.

[+] robryk|8 years ago|reply
You can put the untrusted VMs in the cloud, to get better isolation between them and more important stuff. This, e.g., is a way of preventing two colluding VMs from communicating.

[+] ecesena|8 years ago|reply
Uh!? What’s the issue with privacy? Qubes is great to make sure you don’t get a malware while you watch “youtube”, and this malware gets access to your bank account. I feel privacy is kind of out of scope here, not that you don’t need it, but you can plug it in with ease. There’s nothing in Qubes design that prevents privacy.

Cloud is just a way to distribute computation, and make sure storage is always available to you. Everything should be assumed to be protected — I mean, they protect video memory among processes/apps, you’d bet they protect your data on the cloud.