/tech/ - Technology★

>>952648 (OP)

Just use OpenBSD. Qubes is a meme.

Qubes is too mainstream.

>inb4 hipster

>>952648 (OP)

They are different use cases, so it's difficult to compare. If you can get everything you need done with base OpenBSD and the small selection of packages that have been coded to the same level, might as well keep it simple. If you need more flexibility, go Qubes.

>Also, is it possible to create and run openBSD templates on Qubes OS?

Think so but haven't tried.

Illumos

>>952673

Linux is too mainstream. Use mach kernel.

>>952648 (OP)

>Which operating system do you guys think is the most secure?

Secure against what? Absent a threat model, your question is meaningless and any answers you get are also meaningless.

>What I really mean I guess is which operating system provides the best security and anonymity for its users upfront,

The only OSs that provide any anonymity "upfront" are Tails and heads. Unless you count Whonix. Anonymity is not an OS-level concern with the exception of obvious bad actors like Microsoft, whose entire OS is a spying platform.

Any OS "provides anonymity" if you disconnect it from the internet.

We need to make a qubes competitor that uses sel4 I stead of xen and openbsd instead of fedora.

OpenBSD's "security" is a meme that is based on applying only one specific technique to mitigate only one specific issue under only one specific condition (relentless code auditing to mitigate RCE exploits, so long as you use the default configuration only and don't install any other software which is completely unrealistic). Only /g/ memers who don't even use it think it's the best. Last time I looked into it, it didn't even have proper FDE. It's a complete joke unless you're using it in a very specific context (like running it on a router). It's worthless for actual general computing.

Meanwhile, Qubes is merely a reasonable implementation of a broadly applicable security principle (security by isolation) that can effectively and securely adapt to basically any practical context imaginable, including even stuff like using Windows 10 without Microshit spying on you. And with formally verified kernels like seL4 gaining in popularity, it's only going to get even better. The Qubes model is not merely superior to OpenBSD's "security"; it makes it irrelevant.

The only security you need is a secure hypervisor. If you think you've been infected, just reload your current VM from its template (which in Qubes means simply restarting it), and the infection, whether it really existed or not, is gone automatically and verifiably no matter what (unless your hypervisor is broken but that's outside of the security model's scope). The "good enough" security standard of most code (which will never change because most devs are lazy pajeets) thus actually becomes good enough when you put a proper hypervisor isolation condom over it.

Anyone even seriously comparing the two just demonstrates their own ignorance. Though with a bit of sprucing up, OpenBSD could perhaps make a decent template for many purely functional VMs in Qubes such as sys-net, sys-firewall, sys-usb, dom0, etc. It probably wouldn't be that much better than Hardened Gentoo though, and implementing that would be a lot less work.

inb4completelyfuckingmoronictheoderaadtusenetcommentscreenshotfrom2008

>>952741

Qubes includes Whonix integration by default.

>>952648 (OP)

What makes OpenBSD particularly secure? Is it just security through obscurity + BSD kernel benefits, or is there more to it?

>>952741

>Secure against what? Absent a threat model, your question is meaningless and any answers you get are also meaningless.

this. if you want secure against the user themselves, what is the best OS? that is a legitimate business concern

>>952750

what the fuck seL4 isn't a hypervisor and is overadvertised as secure by the marketing team. how many hardware platforms is it verified on?

>>952759

>how many hardware platforms is it verified on?

It just got verified on x64.

>seL4 isn't a hypervisor

It's a microkernel that heavily supports virtualization. The difference between that and a hypervisor is miniscule.

>>952652

using any OS for securirty is a meme. opecsec is always a bigger problem

>>952703

>increase your _fingerprint_ uniqueness goy that'll show us, ehrm, them!

Gentoo

>>952768

https://boards.4chan.org/g/

>>952767

Faggotry is too mainstream, so stop being a faggot.

>>952763

>It just got verified on x64

hey that's pretty cool. didn't know that

fun fact: qubes team got pissed a while ago after a bunch of xen paravirtualization vulnerabilities and i recall them claiming they were working towards making it able to work on other hypervisors.

that seL4+OpenBSD plan may be feasible by just forking or tweaking qubes.

>>952766

>using any OS for securirty is a meme. opecsec is always a bigger problem

true but opsec is hardly effective if your adversary can just pwn your device

>>952767

>implying uniqueness reduces security

browser uniqueness may affect privacy, sure, but i dont want to use chrome on windows to legitimately blend in

>>952795

Browser fingerprints are pretty easy to forge. There's several plugins for it that I'm aware of. Probably more.

>>952795

>true but opsec is hardly effective if your adversary can just pwn your device

If your adversary does not see your device as an interesting target he will not pwn it, that's half of the point of opsec.

The other half is being able to say "you can't prove anything", but it's best not to reach that point.

>>952816

If you tune your fingerprint to a browser that doesn't support a certain compression algorithm but your browser still sends requests to use that algo, this creates a whole new unique identity that opens up to some OPSEC nightmare. Better use Tor Browser and call it a day.

This information was originally posted by another anon but I'm posting it again in case you didn't see it.

the one on a computer with no internet connection

It would be great if Qubes moved to or started supporting sel4 builds. The one thing Xen does have going for it is that it's used heavily by a lot of big names, so there's a vested interest in its continued development and security.

temple os

>>952967

Correct, although seL4 is ideal iirc Qubes team went with Xen for its greater support for hardware and the like. There've been discussions years back about this very topic, but in the end they went with greater compatibility.

https://groups.google.com/forum/#!msg/qubes-users/tz_945JPpJ8/6g0orvWyG9UJ

Though really, most OS' are secure enough provided you're not an idiot installing things from ads. These security threads get pretty autistic honestly. You're shitposting on an imageboard, not managing trillions in financial flows. If you want the most secure system out there, find out what Fedwire or SWIFT run on, probably something proprietary with a team of highly-paid devs on it 24/7.

Perfect security doesnt exist thou

https://www.youtube.com/watch?v=C1EJvDU2Ek4

>>953113

TempleOS has never had a security breach as far as i know

>>953099

>If you want the most secure system out there, find out what Fedwire or SWIFT run on

Probably some mainframe OS thing like AS400, system Z, etc. Quite secure by virtue of the fact most of the millenial skiddies won't have the slightest fucking clue how to operate it, and learning to do so is nontrivial.

>>953247

I have a friend that works for a major US bank and they use an IBM mainframe z/OS. He had to learn jcl to work with it. What a language.

>>953264

I've played around with z/OS on an emulator. It's neat as a curiosity but dear god everything about it seems tailor-made to be an obtrusive pain in the ass.

It's like none of the last 30 years of UI improvements made it in there. You have to do shit like manually move your cursor, one character at a time, to the very beginning of a text entry point, or else your input is rejected. Tabbing between fields is for fags.

>>953302

>It's like none of the last 30 years of UI improvements made it in there.

That might have something to do with the insane backwards compatibility z/OS has. Remember, this is an operating system originally made in a time when it was cheaper to pay a workers salary than buy a computer. It's also why jcl is so complicated and verbose. The cheap programmers are supposed to do most of the work, and the expensive computer just does the heavy lifting the humans can't do.

>wank about muh secure OS

>you're compromised by Intlel's ME anyway

nice LARP my friend :)

>>953122

TempleOS has no networking, encryption, or security that I know of. There's nothing to break.

>>952648 (OP)

The current release of Qubes needs modern pozzed x86 hardware to do anything useful, so that's out.

>>952757

>OpenBSD's "security" is a meme that is based on applying only one specific technique to mitigate only one specific issue under only one specific condition (relentless code auditing to mitigate RCE exploits, so long as you use the default configuration only and don't install any other software which is completely unrealistic). Only /g/ memers who don't even use it think it's the best. Last time I looked into it, it didn't even have proper FDE. It's a complete joke unless you're using it in a very specific context (like running it on a router). It's worthless for actual general computing.

Go back to /g/ you glow-in-the-dark nigger piece of shit. OpenBSD has the best FDE because you can actually encrypt the whole drive, including /boot.

>>957156

there's no version for PowerPC?