QUBES Friendly Version
95 views
Skip to first unread message
![[NOTIFICATION]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
[NOTIFICATION]
Apr 27, 2020, 8:44:47 PM4/27/20
to
Do you think QUBES is better than COPPERHEAD or does COPPERHEAD have better features than QUBES?
It would be great if you opened up QUBES for worldwide editing and audit and development. Or maybe merge with PARROT or TAILS or OPENBSD or WHONIX to further friendly usability for all people instead of making it so complex for hardcore users without compromising its robust secure foundation?
Reference Source Link: https://copperhead.co/android/
FOOTER~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Express Actual Notice: This message is deemed private or confidential. Unless for criticism or news-report or research or scholarship or teaching or comment or opinion, this message may also be deemed copyright. Due to existence of sophisticated data collection programs globally, assume or presume by default that all digital data associated with this account is subject to intercepts, storage, surveillance or monitoring by intelligence systems and agencies, anytime or anywhere regardless of privacy or security or encryption (EO10995). Sender(s) or agent(s) accepts no liability for any message(s) or its attachment(s). All typing errors are not intended or intentional. Keep sent attachment size less than inbox size of 1 GB. Without Prejudice. All Rights Reserved. Special Deposit.
You are receiving this may due to possible time zone conflicts & to reduce and save forever paper, ink, phone minutes, fax, travel fuel and national-international mail postage expenses, excluding incurred data costs.
Sent with ProtonMail Secure Email.
Sandy Harris
Apr 27, 2020, 11:44:05 PM4/27/20
to qubes-users
Oops. Sent to poster rather than list.
---------- Forwarded message ---------
From: Sandy Harris <sandyi...@gmail.com>
Date: Tue, Apr 28, 2020 at 11:41 AM
Subject: Re: [qubes-users] QUBES Friendly Version
To: [NOTIFICATION] <agen...@protonmail.ch>
'[NOTIFICATION]' via qubes-users <qubes...@googlegroups.com> wrote:
> Do you think QUBES is better than COPPERHEAD or does COPPERHEAD have better features than QUBES?
This is a remarkably stupid question, since their purposes &
environments are quite different. Copperhead aims at securing Android
phones, Qubes at enabling more secure us of workstation or laptop
computers. Many users might need both.
Also "better features" is a poor metric for comparing security
products. Yes, there are necessary features but the main concern
should be solid design & one way to achieve that is to avoid adding
unnecessary features.
> It would be great if you opened up QUBES for worldwide editing and audit and development. Or maybe merge with PARROT or TAILS or OPENBSD or WHONIX to further friendly usability for all people instead of making it so complex for hardcore users without compromising its robust secure foundation?
Qubes supports Whonix VMs & you might be able to run a BSD, Parrot or
Tails in a VM.
Personally, I consider systemd both a mistake & a security hazard, so
I'd like Qubes to use Devuan in Dom0 & support Devuan VMs.
> Express Actual Notice: ... All Rights Reserved. Special Deposit.
Get your f'ing lawyers off my computer!
---------- Forwarded message ---------
From: Sandy Harris <sandyi...@gmail.com>
Date: Tue, Apr 28, 2020 at 11:41 AM
Subject: Re: [qubes-users] QUBES Friendly Version
To: [NOTIFICATION] <agen...@protonmail.ch>
'[NOTIFICATION]' via qubes-users <qubes...@googlegroups.com> wrote:
> Do you think QUBES is better than COPPERHEAD or does COPPERHEAD have better features than QUBES?
environments are quite different. Copperhead aims at securing Android
phones, Qubes at enabling more secure us of workstation or laptop
computers. Many users might need both.
Also "better features" is a poor metric for comparing security
products. Yes, there are necessary features but the main concern
should be solid design & one way to achieve that is to avoid adding
unnecessary features.
> It would be great if you opened up QUBES for worldwide editing and audit and development. Or maybe merge with PARROT or TAILS or OPENBSD or WHONIX to further friendly usability for all people instead of making it so complex for hardcore users without compromising its robust secure foundation?
Tails in a VM.
Personally, I consider systemd both a mistake & a security hazard, so
I'd like Qubes to use Devuan in Dom0 & support Devuan VMs.
> Express Actual Notice: ... All Rights Reserved. Special Deposit.
Get your f'ing lawyers off my computer!
taran1s
Apr 28, 2020, 4:47:40 AM4/28/20
to [NOTIFICATION], qubes-users
'[NOTIFICATION]' via qubes-users:
>
Do you mean the COPPERHEAD the Android project that was previously
developed by Daniel Micay and was stolen from him by his colleague?
Daniel Micay recovered already from the fuck-up and moved on to his new
excellent project GrapheneOS. COPPERHEAD is developer-wise, dead. Check
it please. He is, as far as I know, cooperating with Qubes on an
Android-GrapheneOS template VM.
It is possible to install any of the mentioned OSes like TAILS, or
PARROT in Qubes already. Consider please that the Threat model of these
OSes and its usage varies greatly.
Whonix is a default part of the Qubes already. (??)
While Qubes can seem to be complex and hardcore as you mention, it is
necesssary to understand just few basic rules and facts and you are good
to go. Anything else can be found on Qubes docs easily or ask here and
people just help like pros.
dhorf-hfre...@hashmail.org
Apr 28, 2020, 5:15:12 AM4/28/20
to [NOTIFICATION], qubes...@googlegroups.com
and just to shred that last bit of misinformation the other two
responses skipped ...
On Tue, Apr 28, 2020 at 12:44:38AM +0000, '[NOTIFICATION]' via qubes-users wrote:
> It would be great if you opened up QUBES for worldwide editing and
> audit and development.
just go ahead and edit/audit/develop as much as you want...
Eva Star
May 13, 2020, 6:35:28 AM5/13/20
to qubes-users
Personally, I consider systemd both a mistake & a security hazard,
Can you please share more details about this? Personally, I don't use both of them, but wan't to know.
Steve Coleman
May 13, 2020, 12:34:40 PM5/13/20
to Eva Star, qubes-users
On Wed, May 13, 2020, 6:35 AM Eva Star <evado...@gmail.com> wrote:
Personally, I consider systemd both a mistake & a security hazard,
Can you please share more details about this? Personally, I don't use both of them, but wan't to know.
You use systems if you use almost any flavor of Linux. The systemd is a process that controls so many things on a system that some people joke about it being a second operating system on top of the Linux kernel. The "security hazard" part comes from the sheer complexity of that code, because it is hard to verify and audit the a system.
Just like the old init scripts used to do, systemd basically controls the startup, initialization, and then manages many daemons behind the scenes. You have to just trust that it is going to do the right thing under any particular circumstance.
If a rogue actor changed your configuration it could be difficult to detect in some cases. Gaining a persistent foothold on your system would be a common goal for an adversary and system gives them several ways to do that.
Qubes however uses a read-only system volume so simply adding extra processes to your system is rather difficult to do by using systemd. They really need either dom0 or template access to do this.
--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b40a5604-efe8-4049-8dff-36d5817a438a%40googlegroups.com.
Matt Drez
May 13, 2020, 1:07:58 PM5/13/20
to Steve Coleman, Eva Star, qubes-users
You use systems if you use almost any flavor of Linux. The systemd is a process that controls so many things on a system that some people joke about it being a second operating system on top of the Linux kernel. The "security hazard" part comes from the sheer complexity of that code, because it is hard to verify and audit the a system.
Just like the old init scripts used to do, systemd basically controls the startup, initialization, and then manages many daemons behind the scenes. You have to just trust that it is going to do the right thing under any particular circumstance.If a rogue actor changed your configuration it could be difficult to detect in some cases. Gaining a persistent foothold on your system would be a common goal for an adversary and system gives them several ways to do that.Qubes however uses a read-only system volume so simply adding extra processes to your system is rather difficult to do by using systemd. They really need either dom0 or template access to do this.
Steve,
Though this topic did not pertain to me but I just wanted to command you for your thoughtful response.
Some IT folks can be absolute jerks many times. When someone has a question they respond with a crude, abrupt, uncalled for attitude. Like: "google it", or "use the man pages", or emphasizing that this it just a "basic linux" question. I see that here also sometimes and it really gets under my skin. There is one specific user doing it often but I won't call out names. All that does it makes the person not to want to ask questions and feel like a complete idiot.
I just honestly want to thank you for taking the time and responding to this question in such a postive manner!
Matt
Reply all
Reply to author
Forward
0 new messages