Suggestions as a user
41 views
Skip to first unread message
acharya.sa...@gmail.com
Aug 12, 2020, 10:23:27 AM8/12/20
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello guys, I would like to suggest a few changes and while you may not have them in qubes by default, I ask you to give an option to the users such that they be able to make it easily.
With GUI VM coming in 4.1, I request you to have linux-libre in dom0. Linux-libre for every template by default would be even better and certainly my choice. (atleast Freedora instead of Fedora). KDE instead of XFCE would be a better default option since it provides a better UI. It provides a premium feel and is a level above XFCE. Shifting focus to GNU recommended OSes like Hyperbola, Parabola, Guix is also a step ahead in my view.
I state this because GNU has also had an aim to make a completely free software to be used on a computer. While they approach with security by correctness and by actively trying to demotivate nonfree software, I feel they might not get to the end. Also, they don't make it difficult for the user to install a problematic software by mistake like Qubes does. If Qubes combines such OSes (especially recommend Hyperbola, they are highly critical of any contaminating packages) with it own security by compartmentalization, it will be a step ahead.
Thanking you
Sagar Acharya
P.S. I dream of having a stateless computer (Joanna 2015) with libreboot+Qubes having HyperbolaBSD in dom0 and Parabola, Guix and Hyperbola as available template VMs, with plasma as a DE. That would be ideal and a nightmare for malicious crackers.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEeMyXyyr6L/PtWnZUnZv6jjOfaEIFAl8z+voACgkQnZv6jjOf
aEJqFwv9Eb8RioP2sHOp91g2AtNxCRXcs88HvrJYwCBJWPuQBqAax+yWIcgB24F0
bmYsHewPWPYzguOVZ565C1ma1PbmAjUi0UYriv4ddstEbWpKnX6I2VtfsTeCpP9s
j3NtDBXtbQXEAY+10soubiNm/CjLNNaCYidgkubnOXaXHAIgUukIchINA/Zxp/dz
aw8VNapGzoayCFDATiz8rJXYCI4eGe3mRngjAcsXVNwPoxPVnUlMlGAf8RzRUXle
/dsczJvk6jgyQoYETWgntfqG+er0dZm6D3whN4rVxqtqxO+9SR1rwi5Fi5Ly4AS3
yEeWo7fum7x6stJnp1N5CnQENN0heqev2qEcsvMniq1MRuGnKit4AmP8H2mVSwtm
Oor2W6vZCivMB4dPkoeSBZ+zjjkPQwb5x3ljBoa3465BGeXnAGxblfW3RFM50Ml7
yQsxN3G1FsrGOcwz5GpdSzDCm7sMF/0P77VYBqtTgBEkSvOI/gWLEIeIHWzi7oAT
enJPiihw
=61lG
-----END PGP SIGNATURE-----
Hash: SHA256
Hello guys, I would like to suggest a few changes and while you may not have them in qubes by default, I ask you to give an option to the users such that they be able to make it easily.
With GUI VM coming in 4.1, I request you to have linux-libre in dom0. Linux-libre for every template by default would be even better and certainly my choice. (atleast Freedora instead of Fedora). KDE instead of XFCE would be a better default option since it provides a better UI. It provides a premium feel and is a level above XFCE. Shifting focus to GNU recommended OSes like Hyperbola, Parabola, Guix is also a step ahead in my view.
I state this because GNU has also had an aim to make a completely free software to be used on a computer. While they approach with security by correctness and by actively trying to demotivate nonfree software, I feel they might not get to the end. Also, they don't make it difficult for the user to install a problematic software by mistake like Qubes does. If Qubes combines such OSes (especially recommend Hyperbola, they are highly critical of any contaminating packages) with it own security by compartmentalization, it will be a step ahead.
Thanking you
Sagar Acharya
P.S. I dream of having a stateless computer (Joanna 2015) with libreboot+Qubes having HyperbolaBSD in dom0 and Parabola, Guix and Hyperbola as available template VMs, with plasma as a DE. That would be ideal and a nightmare for malicious crackers.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEeMyXyyr6L/PtWnZUnZv6jjOfaEIFAl8z+voACgkQnZv6jjOf
aEJqFwv9Eb8RioP2sHOp91g2AtNxCRXcs88HvrJYwCBJWPuQBqAax+yWIcgB24F0
bmYsHewPWPYzguOVZ565C1ma1PbmAjUi0UYriv4ddstEbWpKnX6I2VtfsTeCpP9s
j3NtDBXtbQXEAY+10soubiNm/CjLNNaCYidgkubnOXaXHAIgUukIchINA/Zxp/dz
aw8VNapGzoayCFDATiz8rJXYCI4eGe3mRngjAcsXVNwPoxPVnUlMlGAf8RzRUXle
/dsczJvk6jgyQoYETWgntfqG+er0dZm6D3whN4rVxqtqxO+9SR1rwi5Fi5Ly4AS3
yEeWo7fum7x6stJnp1N5CnQENN0heqev2qEcsvMniq1MRuGnKit4AmP8H2mVSwtm
Oor2W6vZCivMB4dPkoeSBZ+zjjkPQwb5x3ljBoa3465BGeXnAGxblfW3RFM50Ml7
yQsxN3G1FsrGOcwz5GpdSzDCm7sMF/0P77VYBqtTgBEkSvOI/gWLEIeIHWzi7oAT
enJPiihw
=61lG
-----END PGP SIGNATURE-----
unman
Aug 13, 2020, 10:03:39 AM8/13/20
to qubes-users
Unfortunately linux-libre is not something I could endorse - removing
the tests and warnings about known CPU vulnerabilities, on the spurious
ground that a user might just want to install microcode to enhance their
security, makes it unfit for a security focussed distro.
The same applies to libreboot, which has the added incoherence of
advocating updating EC firmware, while blocking CPU microcode.
As to the rest, I support KDE because it allows users to more easily
control the Qubes Menu - a major pain point for many - and provides
Activities, which meld perfectly with the use of Qubes security domains.
The OS you recommend are interesting, but Qubes has to be as usable as
possible with a wide reach, and I'm afraid a focus on free software
alone wont help there.
It would be simple to incorporate those OS into Qubes as templates,
(with extra work for a BSD hyperbola), but what would be the benefit for
most users, who need non-free blobs to get their machines working?
Don't let me put you off: it's a worthy aim, and will hit a small set of
users.
acharya.sa...@gmail.com
Aug 14, 2020, 10:00:02 AM8/14/20
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
But one can't trust Intel right? How can one be sure that tests and warnings generating code is not malware. Open code is the 1st requirement for security right?! I don't think hidden security enhancing code is really enhancing security.
Qubes is an extremely secure OS and with RISCV processors coming, Qubes should go towards removing trust from hardware. Atleast it should have option (another ISO, say qubes-libre.iso) for fully free software going ahead. Trusting Intel would be optional going ahead due to RISC-V cores or other open processors. And if not, Qubes should make their life difficult as much as possible by choosing linux-libre by default. Parabola is a perfectly usable OS, and so is hyperbola(it has few packages though). I use it on a flash drive. Except WiFi rest of the things work.
I strongly think there is no unreadable code for security. There is only unreadable code or security. While the whole concept of qubes lies on protecting against malware by trusting it less, with free hardware ahead, having an option for no hidden code and actively preventing user from installing hidden code in most doms is impressive.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEeMyXyyr6L/PtWnZUnZv6jjOfaEIFAl82mJ4ACgkQnZv6jjOf
aEJFAQwApx6DuXLubFvoGdcdc9HCjuCvoHJWgpwRMEKMcjslUu7gQQ9enpPXCRjG
PoCRczy6mCpPwpqquhK3Sbj/I/wnsmtH+sDkHf1HXLw/DX5eX88xiKTUeAdTTUPZ
DE563CViX5DriVDJ1jwDjUkyAc3mtjFF85sMOBAWhEZTYd5067OB6IBUUMXGWtQq
ssoxTTos/4xGwAQqAWs+A7d14vBU42ga6KY5XQBq3hhCo/JxqKqKq4CZwfuEB+p2
Ipmwtu0GSevcT7CwljEZdkIWTDYQy5NTJOi2g/viZly0GK2YOHh8MEiJyRXmNgua
qOaQ/rC/JX7coYMOLM69UUE1fD+2bG/VdcGNNUxfyT3NgGM/ydygPLoGJxaWMPfa
1E0/xmVqEKfOKmOt75nkHQ7znG/GDT/gqO2zFbWGubLp5dxOxu07m1xKESfXaHRm
Q0qrPCyYEjqtCTjBSTCxVLW4K474UlOP+g4CvYlg2gFVJdN7ZwVTlbPidXtHDZxY
pDXpyw8L
=UIF8
-----END PGP SIGNATURE-----
Qubes is an extremely secure OS and with RISCV processors coming, Qubes should go towards removing trust from hardware. Atleast it should have option (another ISO, say qubes-libre.iso) for fully free software going ahead. Trusting Intel would be optional going ahead due to RISC-V cores or other open processors. And if not, Qubes should make their life difficult as much as possible by choosing linux-libre by default. Parabola is a perfectly usable OS, and so is hyperbola(it has few packages though). I use it on a flash drive. Except WiFi rest of the things work.
I strongly think there is no unreadable code for security. There is only unreadable code or security. While the whole concept of qubes lies on protecting against malware by trusting it less, with free hardware ahead, having an option for no hidden code and actively preventing user from installing hidden code in most doms is impressive.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEeMyXyyr6L/PtWnZUnZv6jjOfaEIFAl82mJ4ACgkQnZv6jjOf
aEJFAQwApx6DuXLubFvoGdcdc9HCjuCvoHJWgpwRMEKMcjslUu7gQQ9enpPXCRjG
PoCRczy6mCpPwpqquhK3Sbj/I/wnsmtH+sDkHf1HXLw/DX5eX88xiKTUeAdTTUPZ
DE563CViX5DriVDJ1jwDjUkyAc3mtjFF85sMOBAWhEZTYd5067OB6IBUUMXGWtQq
ssoxTTos/4xGwAQqAWs+A7d14vBU42ga6KY5XQBq3hhCo/JxqKqKq4CZwfuEB+p2
Ipmwtu0GSevcT7CwljEZdkIWTDYQy5NTJOi2g/viZly0GK2YOHh8MEiJyRXmNgua
qOaQ/rC/JX7coYMOLM69UUE1fD+2bG/VdcGNNUxfyT3NgGM/ydygPLoGJxaWMPfa
1E0/xmVqEKfOKmOt75nkHQ7znG/GDT/gqO2zFbWGubLp5dxOxu07m1xKESfXaHRm
Q0qrPCyYEjqtCTjBSTCxVLW4K474UlOP+g4CvYlg2gFVJdN7ZwVTlbPidXtHDZxY
pDXpyw8L
=UIF8
-----END PGP SIGNATURE-----
unman
Aug 14, 2020, 11:38:10 AM8/14/20
to qubes-users
On Fri, Aug 14, 2020 at 07:00:02AM -0700, acharya.sa...@gmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> But one can't trust Intel right? How can one be sure that tests and
> warnings generating code is not malware. Open code is the 1st requirement
> for security right?! I don't think hidden security enhancing code is really
> enhancing security.
I dont think you understand.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> But one can't trust Intel right? How can one be sure that tests and
> warnings generating code is not malware. Open code is the 1st requirement
> for security right?! I don't think hidden security enhancing code is really
> enhancing security.
If a user *does* have an Intel processor then they are stuck with known
vulnerabilities. They trust Intel already, so trust the microcode
supplied.
The tests and warnings are in the Linux kernel.
Libre kernels remove them so that users wont be tempted to use non free
microcode, although they are *already* using non free microcode. i
think this is incoherent, and haven't seen any persuasive arguments.
In my opinion users should be given all the information they need to
make an informed choice.
Open code is not the 1st requirement for security. It isn't even one of
the requirements, although it may be desirable.
There are many examples of free software where the bugs and security
flaws remain open for years.
Sometimes people talk as if they think that closed source programs dont
get any review. This simply isn't true,(although sometimes with
Microsoft in the past, one might think differently.) I've worked with
development teams where the code is crawled over in depth by professional
auditors, but the product is closed source.
>
> Qubes is an extremely secure OS and with RISCV processors coming, Qubes
> should go towards removing trust from hardware. Atleast it should have
> option (another ISO, say qubes-libre.iso) for fully free software going
> ahead. Trusting Intel would be optional going ahead due to RISC-V cores or
> other open processors. And if not, Qubes should make their life difficult
> as much as possible by choosing linux-libre by default. Parabola is a
> perfectly usable OS, and so is hyperbola(it has few packages though). I use
> it on a flash drive. Except WiFi rest of the things work.
point.
>
> I strongly think there is no unreadable code for security. There is only
> unreadable code or security. While the whole concept of qubes lies on
> protecting against malware by trusting it less, with free hardware ahead,
> having an option for no hidden code and actively preventing user from
> installing hidden code in most doms is impressive.
To make things clear, I'm an advocate for free software, but that has
nothing to do with security. In some cases, the advocates for free
software and linux libre have no regard for the security of end users.
That's wrong.
Reply all
Reply to author
Forward
0 new messages