
/tech/ - Technology


File (hide): de8116e0c35bc4f⋯.png (2.28 KB, 128x128, 1:1, qubes-logo-icon.png) (h) (u)


 No.950492>>950500 >>950506 >>950517 >>950578 >>950998 >>951033 >>951615 >>952234 >>952341 >>953191 [Watch Thread][Show All Posts]

I'm curious as to why we aren't all running Qubes OS or something like it. Privilege escalation attacks are waaay too easy to carry out now. Even without the baddies getting root they can still view everything in your home directory. With Qubes you can spin up as many VMs as you have RAM for. The easy-to-use installer also ensures that even a complete noob can have proper full-disk crypto.

All VMs are Xen domains, each behind a FirewallVM. The dom0 does not connect to any USB or networking by default. Out of the box you are given network vm and a usb vm. The network vm acts as a gateway to the firewall vm.

It even comes with whonix vm that acts as a tor gateway for a client vm already configured to only send through tor. If tor is down, absolutely no traffic leaks.

Each AppVM can be based on a TemplateVM, meaning that only their home directory takes up space. When you update the software on the templates, all child vms will get the updates after a restart. All clipboards are segregated by VM unless you say to pass it on.

My favorite feature is the disposable VMs. You can spin up a vm in seconds that connects to your tor gateway and has Tor browser ready to go that gets deleted as soon as you shut it down.

I was also thinking of one day making something similar to Qubes OS, but I am pretty happy with Qubes now. I'll probably just maintain Gentoo and Arch templates for Qubes.

 No.950495


 No.950500>>950621

>>950492 (OP)

Install Gentoo


 No.950505>>950517

I'm not familiar with Qubes. How susceptible is it to people doing the equivalent of running shit as root willy-nilly thus negating the security they were meant to have in the first place?


 No.950506>>950640

>>950492 (OP)

It's insane that this is needed in the first place.

Anyway, with your browser in a jail, accessed via a sandboxed x-server (no leaking via X) you are already doing well for 90% of everyday use I think.


 No.950507>>951050

i've got nothing to hide

qubes is only for pedos anyways


 No.950517>>950536

>>950492 (OP)

The average user is not running Qubes because it's not Windows, and even if you managed to get them to switch, their terrible opsec would make it all pointless: they would just whine when the OS tries to warn them against doing something retarded, and then whine when their retardation fucked over their system.

For an advanced user, Qubes is overkill in some areas and not good enough in others, and at the end of the day the biggest issue remains deciding what software to trust.

>>950505

Very susceptible, because the easy way would be running everything in the same VM and that defeats the point.

The only way you can stop idiot users is with an idiot OS that gives you no root and no freedom, such as iOS, but that's worse than the original problem.


 No.950526

I've been meaning to try it out for quite some time now actually. I just would like to know if GPU passthrough works properly on it.


 No.950531

3.2 works just fine for me but I don't have the hardware that supports 4.0 yet. It's a pretty decent system all around even if it eats all of your ram.


 No.950532

Qubes doesn't like GPU acceleration, so for now I don't have any real use for it.


 No.950533>>950535 >>950537 >>950967 >>951094

>be CIA nigger

>exploit Gentoo machine by MITMing portage sync

>"oh it's a vm"

>exploit your cucked Intel CPU and read memory from all VMs.


 No.950535

>>950533

This is true but in the case of anything computer related, nothing is completely safe. The best thing you can do is mitigate as much as possible.


 No.950536>>950541

>>950517

How would this case be handled in Qubes: I downloaded stuff from the internet and want to put the poz in my separate VM which has my personal data.

Does Qubes best practice say that's a no go? Or is there some kind of reconciliation. At some point the poz is touching a virgin butthole so what happens then? Otherwise just use a RAM resident distro.


 No.950537>>950634

>>950533

>cia nigger

>wasting time on hacking anons computer full of chinese cartoons

wut


 No.950541>>950557 >>950565

>>950536

> I downloaded stuff from the internet

So the stuff is now in the VM with your browser

>and want to put the poz in my separate VM which has my personal data.

Depends on what the stuff is, and how the VM with your data is configured.

If you downloaded notavirus.tar, you probably don't want to risk losing your data to it.

If it's notspyware.deb and you really need to run it in your personal data VM, just config that VM to have no internet access.

As I said above, the real problem is deciding how trustworthy any piece of software is.


 No.950557

>>950541

Thanks. I understand your point about trust. At the end of the day I suppose Qubes would be better for people who are already paranoid/opsec-focused, but not to the point where they run everything in RAM.


 No.950565>>950587

>>950541

So that would be moving to a model akin to what you have on (rooted) smartphones where you have control over which app can access which part of your device.

Maybe they can add this functionality to systemdicks or something.


 No.950578>>950646 >>950906

>>950492 (OP)

1. It's the definition of bloatware, it eats your memory for the half a dozen VM's that you apparently need for "security"

2. The lead developer is a tranny freak


 No.950587

>>950565

If we just let systemd do everything we only have to worry about pid 1 which will increase security.


 No.950593>>950601

Qubes avoids the real source of the problem, which is that UNIX processes suck. UNIX (and Windows) already have "domains" called processes which have their own address spaces and pretend to be the only program running on the entire machine. Processes don't have access to files, USB, networking, the keyboard, or anything else outside their address space. Everything is provided through system calls to the kernel. They can't view anything in anyone's home directory unless the kernel lets them. All of these exploits and privilege escalations are because the kernels give any program run by the user the ability to do anything the user can do. Multics separates what a user can access (through ACL and AIM) from what a process can do (through rings) and code run by the same user can run in different rings.

http://multicians.org/multics-data-security.html

>The power of the ring mechanism lies in the execute and call brackets. Assume that the ACL and AIM mechanisms give a user read and execute access to a segment. If the user process is executing in a ring within the execute bracket of a segment when it attempts to transfer (execute) to the segment, it is granted access and its current ring number remains the same. If it is not within the execute bracket, but it is within the call bracket of the segment, access is granted and the current ring number is temporarily changed to that of the highest ring number in the segment's execute bracket (and automatically reverts to its original value when the process returns to the calling program). If the process is in a ring outside the call bracket of a segment when it requests access, access is denied (even if the ACL and AIM mechanisms allow it).

The most threatening thing I see in computing today is the
"we have found the answer, all heretics will perish"
attitude. I have an awful lot of experience in computing, I
have used six or seven operating systems and I have even
written one. UNIX in my view is an abomination, it has
serious difficulties, these could have been fixed quite
easily, but I now realize nobody ever will.

At the moment I use a VMS box, I do so because I find that I
do not spend my time having to think in the "UNIX" mentality
that centers around kludges. I do not have to tolerate a
help system that begins its insults of the user by being
invoked with "man".


Apollo in my view were the only UNIX vendor to realize that
they had to put work into the basic operating system. They
had ACLs, shared libraries and many other essential features
five years ago.


What I find disgusting about UNIX is that it has *never*
grown any operating system extensions of its own, all the
creative work is derived from VMS, Multics and the
operating systems it killed.
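
Added example (not part of the post above or of the Multics documentation it quotes): a Python model of the execute-bracket and call-bracket decision described in the quoted passage, including the temporary ring change and its reversion on return. The (r1, r2, r3) encoding, the 0-7 ring range and the names Segment, Decision, Process and transfer are assumptions for illustration; a ring below the execute bracket is treated as outside both brackets and denied.

```python
from dataclasses import dataclass, field
from typing import List, Optional

MAX_RING = 7  # assumption: rings numbered 0 (most privileged) to 7


@dataclass(frozen=True)
class Segment:
    """Ring brackets of an executable segment (hypothetical encoding).

    Execute bracket: rings r1..r2.  Call bracket: rings r2+1..r3.
    """
    name: str
    r1: int
    r2: int
    r3: int

    def __post_init__(self):
        if not 0 <= self.r1 <= self.r2 <= self.r3 <= MAX_RING:
            raise ValueError(f"bad ring brackets for {self.name}")


@dataclass(frozen=True)
class Decision:
    granted: bool
    ring: Optional[int]  # ring the target code runs in, if granted
    reason: str


def transfer(current_ring: int, seg: Segment,
             acl_aim_execute: bool = True) -> Decision:
    """Decide whether a process in current_ring may transfer into seg."""
    # ACL/AIM are a precondition: the ring check can only narrow access.
    if not acl_aim_execute:
        return Decision(False, None, "ACL/AIM deny execute")
    if seg.r1 <= current_ring <= seg.r2:
        return Decision(True, current_ring,
                        "within execute bracket: ring unchanged")
    if seg.r2 < current_ring <= seg.r3:
        # Caller is less privileged: run at the highest ring of the
        # execute bracket for the duration of the call.
        return Decision(True, seg.r2,
                        "within call bracket: ring set to top of execute bracket")
    return Decision(False, None,
                    "outside call bracket: denied even though ACL/AIM allow")


@dataclass
class Process:
    """Tracks the current ring and restores it when a call returns."""
    ring: int
    _saved: List[int] = field(default_factory=list)

    def call(self, seg: Segment, acl_aim_execute: bool = True) -> Decision:
        d = transfer(self.ring, seg, acl_aim_execute)
        if d.granted:
            self._saved.append(self.ring)  # remember the caller's ring
            self.ring = d.ring
        return d

    def ret(self) -> None:
        self.ring = self._saved.pop()  # revert to the caller's ring


def demo():
    """Walk a constructed gate segment through each case in the passage."""
    gate = Segment("gate_", r1=1, r2=1, r3=5)  # constructed sample brackets
    out = []
    for ring in (1, 4, 6):
        d = transfer(ring, gate)
        out.append((ring, d.granted, d.ring))
    return out


if __name__ == "__main__":
    for row in demo():
        print(row)
```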


 No.950601>>950609 >>952377

>>950593

unixhater have you ever posted any lisp code?


 No.950609>>950612 >>950631

>>950601

Unixhater is the hero we need but don't deserve.


 No.950612

>>950609

so, no?


 No.950621>>951138

>>950500

the only true answer


 No.950631>>950637 >>951934

File (hide): 5cbc1f8e706285b⋯.png (220.84 KB, 716x720, 179:180, 1447803221846-2.png) (h) (u)

>>950609

You're right, we don't deserve this shitter who doesn't understand the shit he preaches. Remember when segmented memory was his favourite thing of the month? He screeched regularly over how much better modern operating systems would be with this crucial innovation, only for another anon to read the paper he was pushing. Turns out that not only did unixhater completely misunderstand the concept, he didn't even realize that Unix had the same shit for ages.

As the saying goes, those who don't understand Unix are doomed to reinvent it badly.


 No.950633

Just fucking install xen on your distro of choice.

Don't install redhat shit.


 No.950634

>>950537

oi, u got a loicense for that loli?


 No.950637>>950658

>>950631

Samefagging once was acceptable. But twice? You're flying on wings of wax my friend.


 No.950640>>950647

>>950506

>2018

>using X

nigger please


 No.950646

>>950578

>2. The lead developer is a tranny freak

>tranny

proof?

also, even if true, what does that change?


 No.950647>>950649

>>950640

Assuming you're not a console autist, does Wayland have any way to easily configure the keyboard?


 No.950649>>950650 >>950653

>>950647

>configure the keyboard

>easily

if it needs to be one only once, it's not a big deal if it's not easy


 No.950650

>>950649

>if it needs to be done

my gaybook keyboard begins to die apparently, sorry about that


 No.950653>>950985

>>950649

As long as it's possible. For my configuration, I use backspace swapped with caps lock. I have this line in my .xinitrc:

setxkbmap -layout us -variant dvorak -option caps:backspace

However, I have to (manually) run this script every time I restart X:

#!/bin/sh

xmodmap -e "keycode 22 = Escape" && xmodmap -e "keycode 9 = Caps_Lock"

xmodmap -e "clear Lock"

I've tried many things to get it to run on X startup, but it fails.


 No.950658>>950660 >>951070 >>951071 >>951072 >>951073

File (hide): 32119056ba9ee54⋯.jpg (44.7 KB, 720x405, 16:9, 1447985716378.jpg) (h) (u)

>>950637

>being so desperate to defend the multics shitter you screech about samefagging

>samefagging

>acceptable

>>>/g/


 No.950660

>>950658

Your mysterious ways do not work on me.


 No.950694

Because qubes fucking sucks and doesn't support a lot of the shit I'd like to set up. I just run vms on a dedicated vm machine and manage it from a laptop for all the shit I fuck around with since qubes doesn't let me configure it how I'd like


 No.950906>>951033 >>951051

>>950578

>The lead developer is a tranny freak

Hate to tell you, faggot, but it's an actual honest-to-God woman. She's Polish and the trannyism wave hadn't reached there yet back when the project was started.


 No.950967>>952403

>>950533

>be CIA nigger

>exploit Gentoo machine by MITMing portage sync

>"oh it's a vm"

>try a cucked CPU exploit

>doesn't even run, much less work

>uname -a

<Linux cocklord 14.88 SMP ppc64le GNU/Linux

>it's a Talos

>no bonus today


 No.950985

>>950653

My educated guess would be that your DE is resetting those settings during startup, well after .xinitrc is run. You would need a way to run the script later in the startup sequence. Have you tried a .desktop file in .config/autostart/ ?


 No.950998

>>950492 (OP)

For some reason that I cannot understand, it uses systemd.


 No.951033

>>950492 (OP)

>I'm curious as to why we aren't all running Qubes OS

It's a massive resource hog. I don't have any computers that are capable of running it.

>>950906

>Hate to tell you, faggot, but it's an actual honest-to-God woman.

Nope. She's not one of the loud LOOK AT ME I'M A TRANNY types that seem to be everywhere in tech these days, and she's done a pretty good job of keeping her personal history off the Internet, but she's got a Y chromosome. I forget her "dead name" (as they like to call it) but there was a male Polish computer security researcher who was active in the early to mid 2000s who dropped off the face of the earth, a couple of years before "Joanna" started getting attention in 2006.

Actually, I found what her old name might have been:

https://it.slashdot.org/comments.pl?sid=225078&cid=18230722


 No.951050

File (hide): e98d0ea9b11244e⋯.png (Spoiler Image, 144.89 KB, 401x316, 401:316, spook.png) (h) (u)


 No.951051>>951061

>>950906

holy shit... lurk 2 years before your next post. God fucking damn son.

https://encyclopediadramatica.rs/Joanna_Rutkowska


 No.951058

>Why aren't you using Qubes?

>implying

posted from whonix-ws-dvm [disp1482]. i have a foot outside the corporate botnet and it feels nice.

>mfw (ALL) NOPASSWD: ALL and normal OSs still cant compete


 No.951061

>>951051

>citing encyclopedia dramatica as if it's evidence

I edited that shit when I was 12


 No.951070>>951128

>>950658

I honestly think it's fine


 No.951071>>951128

>>950658

Nothing wrong with it


 No.951072>>951128

>>950658

There is literally nothing wrong with x


 No.951073>>951128

>>950658

go back to leddit


 No.951094

>>950533

Portage is transitioning to the use of app-portage/gemato for verified Portage tree syncing, and in the meantime there's webrsync-gpg.


 No.951098>>951135

https://archive.is/aZGoG

> Virtualization seems to have a lot of security benefits.

You've been smoking something really mind altering, and I think you should share it.


 No.951128>>951272

>>951070

>>951071

>>951072

>>951073

holy shit i cant tell if well-delivered satire or unironic retardation


 No.951135>>951341

>>951098

virtualization allows for more effective segregation of information on a single machine, which has many operational security benefits. have different identities on different virtual machines. a similar effect could be produced with multiple real machines instead of multiple virtual machines, but that seems far more expensive

virtualization also means a malware has to at least break out of the virtual machine to be fully powerful instead of just a privilege escalation (which one could debate is almost trivial on windows or linux as they are so common and demanded), hence providing multiple layers of security

there is also a slight 'security by obscurity' bonus for non-targeted attacks


 No.951138>>952388

>>950621

Slackware is fine too, although you need to remove pulseaudio from it.


 No.951272

>>951128

That's a mark of well-delivered satire.

Or unironic retardation


 No.951341

>>951135

Qubes is almost too good in its capabilities out of the box. I wonder how far it will be allowed to progress.


 No.951350>>951464

>every woman in tech is a tranny

You're almost as bad as /pol/ with their Jew obsession


 No.951464>>951597

>>951350

>every woman in tech is a tranny

Only the competent ones. There are plenty of real women in tech, they just suck. That's how I was finally sure that "Isis Lovecruft" wasn't a tranny. I looked at her Tor commits.


 No.951597

>>951464

>Lisa Su is a tranny

Seems legit.


 No.951615>>951784

>>950492 (OP)

I will use Qubes when they replace Xen with seL4, Fedora with Alpine or Gentoo, and port it all to POWER9.

Otherwise it's just useless masturbation.


 No.951784>>952175

>>951615

>they

Why can't you? Also, you can easily replace Fedora with whatever you prefer today, except in dom0 which has no network access.


 No.951934>>952322 >>952335

>>950631

>You're right, we don't deserve this shitter who doesn't understand the shit he preaches. Remember when segmented memory was his favourite thing of the month?

Segmented memory is still a good thing but not because it's my favorite. It's good because of the reduction in code complexity and memory usage. UNIX weenies hate whenever someone brings up actual numbers like speed and RAM usage.

>He screeched regularly over how much better modern operating systems would be with this crucial innovation, only for another anon to read the paper he was pushing.

The way Multics does it is after the "instead" in this paragraph, not before. He probably confused the old way other OSes do it with the way Multics does it.

http://multicians.org/multics-vm.html

>The fundamental advantage of direct addressability is that information copying is no longer mandatory. Since all instructions and data items in the system are processor-addressable, duplication of procedures and data is unnecessary. This means, for example, that core images of programs need not be prepared by loading and binding together copies of procedures before execution; instead, the original procedures may be used directly in a computation. Also, partial copies of data files need not be read, via requests to an I/O system, into core buffers for subsequent use and then returned, by means of another I/O request, to their original locations; instead the central processor executing a computation can directly address just those required data items in the original version of the file. This kind of access to information promises a very attractive reduction in program complexity for the programmer.

>Turns out that not only did unixhater completely misunderstand the concept, he didn't even realize that Unix had the same shit for ages.

These Multics innovations were ignored by UNIX. There are a few attempts at making UNIX more like Multics, but they're still hindered by the flat memory space of the "abstract" PDP-11 C runs on.

http://multicians.org/multics-vm.html

>The absolute core location of the beginning of a segment and its length are also attributes interpreted by the hardware at each reference, allowing the segment to be relocated any where in core and to grow and shrink independently of other segments.

https://arxiv.org/pdf/1105.1811.pdf

An allocated memory block can be very quickly extended or
shrunk without having to copy memory a feature which is very
useful for the common operation of extending large arrays and
which is also provided by the proprietary mremap() function
under Linux. Kimpe et al. [31] researched the performance
benefits of a vector class based upon this feature and found a 50-
200% memory usage overhead when using a traditional vector
class over a MMU-aware vector class as well as extension
time complexity becoming dependent on the elements being
added rather than the size of the existing vector. While the
test employed was synthetic, a 50% improvement in execution
time was also observed thanks to being able to avoid memory
copying.

What will they copy from real OSes next? UNIX weenies are even saying hardware memory tagging is good now. 60s, 70s, and 80s commercially available technology is 2018 "research" for UNIX weenies.

https://arxiv.org/ftp/arxiv/papers/1802/1802.09517.pdf

Memory tagging will not eliminate all memory safety bugs; however, our analysis indicates that
memory tagging, when widely supported by hardware, will help significantly reduce the number
of such bugs and is likely to complicate exploitation of the few remaining ones.

>As the saying goes, those who don't understand Unix are doomed to reinvent it badly.

UNIX was made because "Those who don't understand Multics are doomed to reinvent it badly." Lisp machines and VME were made by people who understood Multics, not superficial parts like the name "ls" and the "-" argument syntax, but the structure of the OS and what the parts do. The only time someone reinvented UNIX badly was Plan 9.

"It's State of the Art!"  "But it doesn't work!"  "That IS
the State of the Art!"

Alternatively: "If it worked, it wouldn't be research!"

The only problem is, outside of the demented heads of the
Unix weenies, Unix is neither State of the Art nor research!


 No.952175

>>951784

>Why can't you?

I have neither the skill/knowledge nor the time to undertake something of that magnitude.

Particularly porting seL4 to POWER9 and proving it correct.

Do you think everybody on this board is a super systems developer who makes a 7 figure salary?


 No.952234

>>950492 (OP)

I tried it.

It was way too resource intensive for my 6 year old machine.

Once I get a new 32 core AMD proc, 32 gigs or more of ram, and all SSD / M.2 storage, I may give it a whirl again.


 No.952322>>952371

File (hide): 7894abd059f9b70⋯.jpg (101.55 KB, 775x1523, 775:1523, 1455236569213.jpg) (h) (u)

>>951934

If you really want people to look into Multics and Lisp Machines' design decisions, learn how to explain topics without coming across as a giant, salty faggot. There's actually much less discussion of Lisp on /tech/ since you came here because no one wants to be associated with or accidentally summon you, and there still isn't anyone discussing Multics when they aren't trying to make you shut up.

Drop the constant blockquote spam, the "muh weenies" cancer (really, it makes you sound like a balding goon who still believes he's hip and edgy), stop trying to phrase every feature of stuff you like as a decisive blow against Unix, and maybe someone will actually listen to you someday.


 No.952335>>952344

>>951934

Hey MULTICS nigger, what do you suggest people use, right now, that's available today, instead of UNIX based systems? You bitch and moan so much that you've become a parody, and you certainly aren't helping your cause.


 No.952341>>952414 >>952477

>>950492 (OP)

>I'm curious as to why we aren't all running Qubes OS or something like it

Does it have muh gaemz?


 No.952344>>952345

>>952335

>Hey MULTICS nigger, what do you suggest people use, right now, that's available today, instead of UNIX based systems?

I've asked him that before, and he never replies. That's when I realized it was best just to ignore him.


 No.952345

>>952344

I've a theory that this loser is a mod or even the BO and is probably Richard Stallman himself.


 No.952371>>952474 >>952713

>>952322

>Drop the "muh wangblows" cancer (really, it makes you sound like a balding goon who still believes he's hip and edgy), stop trying to phrase every feature of stuff you like as a decisive blow against Windows, and maybe someone will actually listen to you someday.

The rest of the board first.


 No.952377

>>950601

inb4 ((()))


 No.952385>>952390

File (hide): 7f29b9aa68635c7⋯.png (3.3 KB, 120x90, 4:3, tin hat.png) (h) (u)

Have you guys heard of Tin Hat linux, an even more secure version of Gentoo?


 No.952388

>>951138

alsa is ok but has its limits i.e. recording desktop audio is impossible without connecting your speaker-out to your mic jack (lmao wtf)

stuck here waiting for pipewire...


 No.952390>>952412

>>952385

Why do we need another Tails? heads GNU/Linux also fills the muh completely open source niche so there is no need to fracture the developer community even more.


 No.952403>>952469

>>950967

>be CIA nigger

>exploit gentoo machine by MITMing portage sync

>"oh it's a vm"

>open some dusty drawer and plug in a flash drive that contains a zero day for VMs

>escape cucked VM

>start browsing with root privileges

>oh wow this faggot only has some chinese cartoon porn on his computer

>what a loser

>*logs out*


 No.952412>>952422

>>952390

Why the fuck tails requires 2 usb sticks? Can't it be installed just with 1?


 No.952414

>>952341

>muh gaemz?

If you're going to post wrongthink on the internet, might as well invest into a console.


 No.952422

>>952412

you can install with one flash drive if you install "tails installer" from ubuntu repositories (or whatever else distro if they have it in their repos). but it was very buggy on ubuntu so i just prefer using 2 usb sticks instead.

you can also just dd the iso (rufus for winfags) on a flash drive but you can't configure persistent storage and can't receive automatic updates in that setting.


 No.952469

>>952403

>start browsing with root privileges

>oh wow this faggot only has some chinese cartoon porn on his computer

lrn2survey. you cant just browse a few directories and leave when its your fucking job

half the fun of using a gov vulnerable system is being a stegenofag and hiding suspicious but legal content throughout your entire house of things. i even have a jpg of a larch tree on my smart-fridge's storage with hello.jpg LSB encoded in it. i even plant that shit on some particularly vulnerable devices in houses and shops i go to. my autistic hobby.

my taxes go towards surveilling commies, not innocent civilians so if you see shitting dick nipples embedded in some landscape photography then get back to work you stalking doublenigger


 No.952474

File (hide): 21e79d7fd8855a9⋯.gif (839.06 KB, 500x281, 500:281, 1446686296015.gif) (h) (u)

>>952371

>no u

That's the thing, most of /tech/ is nothing like that. We hate Windows and its design decisions, but we still know how to discuss other operating systems (mostly Unix-like) without transforming every post into a snarky tirade about how much we hate it. Let your favourite operating system's advantages speak for themselves.

>wangblows

Almost no one uses that. Windows doesn't need a retarded nickname because its reputation here is already fucking abysmal: those are reserved for the newfags dumb or cucked enough to shill Windows.


 No.952477

>>952341

just keep windows on a separate hard drive, problem solved.

two drives with windows and qubes are all I ever wind up using. if I were more autistic id use a customized bsd but default qubes install covers all the basics for tunneling, compartmentalization, etc. I'm quite happy with it.


 No.952644>>952714

File (hide): d4712f49c2b162c⋯.jpg (33.36 KB, 474x379, 474:379, openbsd.jpg) (h) (u)

Speaking of BSD, do any of you guys know how to or if it is possible to create OpenBSD templates on Qubes? (I know it's possible with NetBSD templates). The idea of it feels unimaginably amazing!!!!


 No.952713

File (hide): ffa91db85e7f9fc⋯.png (867.6 KB, 1920x1080, 16:9, go away.png) (h) (u)

>>952371

>i dont have the power to change myself unless it becomes normal


 No.952714

>>952644

>do any of you guys know how to or if it is possible to create OpenBSD templates on Qubes?

I've never used BSD but you probably can. Might as well try. I'm sure someone would have asked already in a forum.


 No.953191

>>950492 (OP)

I don't have hardware powerful enough to run it. Also systemdicks.


 No.954453

File (hide): ff0f470f7563727⋯.png (250.44 KB, 600x600, 1:1, suicide.png) (h) (u)

It's cool, but a little bit slow on my x220.

It's boring to wait 2 minutes each time I start my laptop.

After 1 week, i returned to Debian, it JUST WORKS




86 replies | 11 images | Page ???