Idea- All in one device
frozen...@gmail.com
---Qubes specific: Make qubes optimized for a smaller screen--useful for all future endeavors to make qubes portable, ideally integrate the projects below somehow.
---Phone Specifics---
I've done a little research on possible ways to achieve the phone side using other projects.
Option 1: Get the librem 5 from purism or flash a regular phone to some linux projects and try and combine software such as xdmx for the monitor half, synergy for the touchpad half-ideally would be possible through usb connection.
Option 2: Flash a regular phone to replicant or lineage os or whatever the most trusted android variant is and combine github projects like linux-second-screen(outdated), and countless mouse ones.
Using the phone as a normal phone: It might be bad security to use the phone radio or wifi or anything(since the phone would be connecting to dom0? as a touchpad) but it would be nice to have the qubes os communicate with the phone os to achieve texting/calling. A more secure version would bypass the phone os or something I guess.
I'll try some of the stuff above when I can (probably the monitor/touchpad seperately) and confirm what works on this monsterous device =p.
-----------------------------
frozen...@gmail.com
Also the above setup would allow what I think would be another cool feature, invisible typing. Put the connected phone in your pocket and use the touchpad to draw out characters, to protect your login password/encryption password.
pixel fairy
this is what ubuntu wanted to do with their touch phone (cancelled) and, i think, where microsoft eventually wants to go. of course, qubes-os would be a lot cooler.
if your looking at a libre-m phone, maybe xen would run on it? if, not then theres lxc/kata containers/qemu etc. do it all from there and maybe qubes-air https://www.qubes-os.org/news/2018/01/22/qubes-air/ when local resources are not enough.
if your looking to help more people than yourself, this is the way forward. we need qubes-os like security on phones more than (most of us) need it on a laptop, unless, maybe, you use your laptop for work. but for most these days, their phone is all they have and they are notoriously compromised.
another cool idea that keeps resurfacing is the laptop phone case. theres even some for raspberry pi (and other fruit boards) speaking of, a fruit board would probably be easier as a prototype interface than a phone.
if you havent seen it, https://blog.invisiblethings.org/2015/12/23/state_harmful.html
pixel fairy
if you trust your phone (enough), throw in keepass2android offline for any secrets and as a typing saver for any other often used long strings.
frozen...@gmail.com
I haven't heard of this laptop phone case(nor did google help me haha), what is that? And thanks for the advice pixel fairy but I think regardless of this idea I'm moving away from android. I think my new approach is to get say a mimo 7 inch touchpad monitor and connect it to an orwl. It would be tablet sized and small enough I can use around the house, to take it outside I'll use one of those laptop sleeve bags I think which I could use to carry my wallet/glasses too. I think I'll need to install something like florence into dom0 for a virtual keyboard and the interface will be clunky but I think usable for a google search, note entering and communication. Also I guess I would have to ditch phone networks and go with like an internet stick or something and use skype->sms or a similar service.
Ideally I would try and optimize each app for that screen size but I wonder if it's possible to do that without then needing to manually apply updates or something to those apps. I wonder if it would be possible to copy apps from whatever os librem 5 is going to use and somehow use them in fedora...but that's probably a stretch lol.
pixel fairy
now i cant find one either. a new one comes out every few years. but i did find these, which might help in your hardware design.
https://makezine.com/projects/build-raspberry-pi-powered-linux-laptop-that-fits-your-pocket/
(slightly bigger)
https://www.thingiverse.com/thing:2091747
> And thanks for the advice pixel fairy but I think regardless of this idea I'm moving away from android.
thats what i figured. ive been thinking about that for a while too, as soon as something more open / compartmentalized comes along. maybe liberm when thats out.
> I think my new approach is to get say a mimo 7 inch touchpad monitor and connect it to an orwl. It would be tablet sized and small enough I can use around the house, to take it outside I'll use one of those laptop sleeve bags I think which I could use to carry my wallet/glasses too. I think I'll need to install something like florence into dom0 for a virtual keyboard and the interface will be clunky but I think usable for a google search, note entering and communication. Also I guess I would have to ditch phone networks and go with like an internet stick or something and use skype->sms or a similar service.
unless im missing something you'd also need networking and some ports exposed in dom0. did you plan to use the tablet as a terminal to the qubes computer or run qubes on the tablet and offload stuff?
you could run xen on the server, qubes on your device, and xephyr(xnest) in an appvm with a vchan over ip client (or chain vchan but that would be scary attack surface) so basically, remote qubes nested in local qubes so you dont expose your devices dom0. or, as above and some remote desktop client.
>
> Ideally I would try and optimize each app for that screen size but I wonder if it's possible to do that without then needing to manually apply updates or something to those apps. I wonder if it would be possible to copy apps from whatever os librem 5 is going to use and somehow use them in fedora...but that's probably a stretch lol.
pureos. its based on debian. there was long a thread about adding some compartmentalization a few months ago. maybe vchan can work in containers if you pipe a unix socket into its filesystem. then youd have something qubes-ish, but with a debian(ish) dom0 and containers instead of xen.
matchbox is a window manager made for small screens. im sure there are others.
Frozentime345
“now i cant find one either. a new one comes out every few years. but i did find these, which might help in your hardware design.” ==looks cool but if it can’t run Qubes I think I want to go pure hardware and no linux→qubes communication. “unless i'm missing something you'd also need networking and some ports exposed in dom0. did you plan to use the tablet as a terminal to the qubes computer or run qubes on the tablet and offload stuff? “ ==I’m too much of a novice to understand the ports stuff(do you mean to share data or something?) but it’s a tablet sized monitor so it can only be used as a terminal. I’m thinking the final product will be the tablet with the orwl taped or glued to the back, enclosed in a case I’ll have custom made to expose the ports and hide the tape. If I get one of the ones with a stand it’ll look like an odd portable tv haha. “you could run xen on the server, qubes on your device, and xephyr(xnest) in an appvm with a vchan over ip client (or chain vchan but that would be scary attack surface) so basically, remote qubes nested in local qubes so you don't expose your devices dom0. or, as above and some remote desktop client.” ==it sounds interesting but I kind of want to expose the touchpad to dom0 so I can use my invisible typing idea, especially since I’ll be bringing it out and about. As for the threat of USB port exposed to dom0 orwl has some security features to help that plus it’ll almost always be on me. “pureos. its based on Debian. there was long a thread about adding some compartmentalization a few months ago. maybe vchan can work in containers if you pipe a UNIX socket into its filesystem. then you'd have something qubes-ish, but with a debian(ish) dom0 and containers instead of xen.” ==Nah pure qubes for life =p “matchbox is a window manager made for small screens. im sure there are others.” ==Cool I’ll try it out! That in fedora + increasing the font size in qubes might make this a fairly usable interface! And here I was thinking fedora wouldn’t have anything non laptopish lol. Also, I could use a kvm switch(for an hdmi monitor, usb mouse/keyboard) and switch between a gaming windows laptop and the qubes os "portable tv" whenever I want, or if it's a small matter just deal with it on the portable tv next to the big monitor and go back to gaming.
frozen...@gmail.com
It comes with a pluggable keyboard/touchpad, and can connect to a monitor(micro hdmi port/usb port).
so a laptop, a tablet and a desktop all in one!
Their other devices are qubes compatible so I'm hoping this one will be too, at the very least it passes every security requirement except TPM(which says TBD).
Well, fingers crossed =).
Tai...@gmx.com
It is a straight up copy that doesn't nothing special - they bribed the
FSF to have it approved as an avenue to peddle their faux-libre laptops
there was long a thread about adding some compartmentalization a few
months ago. maybe vchan can work in containers if you pipe a unix socket
into its filesystem. then youd have something qubes-ish, but with a
debian(ish) dom0 and containers instead of xen.
>>
>> matchbox is a window manager made for small screens. im sure there are others.
>
> so egg on my face haha, it appears the librem 11 by purism(will be released this year maybe) would satisfy the concept of an all in one device(except phone), I didnt think to look for an existing *tablet* mostly because I started with the idea of using a phone for qubes.
>
> It comes with a pluggable keyboard/touchpad, and can connect to a monitor(micro hdmi port/usb port).
>
> so a laptop, a tablet and a desktop all in one!
>
> Their other devices are qubes compatible so I'm hoping this one will be too, at the very least it passes every security requirement except TPM(which says TBD).
initiation, they regularly attack those who criticize their dishonest
marketing and take statements from RMS/FSF out of context to make
themselves look good.
Do NOT buy from them - there are a variety of much better options out
there that are fast and *actually owner controlled*.
Intel systems will never be free - ME can't be disabled only nerfed.
Their phones will probably have no real modem isolation as they haven't
mentioned that yet (which is a core feature on any "secure" phone) and
thus be pointless...
Any paid shills care to pipe up and tell me I am wrong? try removing the
ME blob from your laptop and see how "chip by chip to be user
respecting" it really is.
Frozentime345
I'm interested in what these alternatives are that are actually owner
controlled, are they compatible with qubes hardware requirements like
vt-d and whatnot? Google is no help(at least from my first effort)
except for minifree which had no removable tablet or small device.
And it's worth noting I'm not buying from purism because of their
promised privacy actually(this is just a side perk that they are
"somewhat" private), I'm buying because the specs and price on the
tablet match my goal of qubes on the go that can transform back into a
laptop. So I'm also interested in any alternative tablets(even just
normal tablets) with good specs if you know of any?
Right now I see them as the best out of all the bad options, but if you
can shed some light on another solution to qubes on to go I'd be glad to
hear it =). I have all the time in the world(I have neither the money
nor is the device released to market yet XD).
Tai...@gmx.com
> Ugh I keep clicking reply instead of reply to list LOL, sorry taiidan.
>
> I'm interested in what these alternatives are that are actually owner
> controlled, are they compatible with qubes hardware requirements like
> vt-d and whatnot?
AMD-Vi and IBM's POWER arch term is POWER-IOMMU
Google is no help(at least from my first effort)
> "somewhat" private)
> tablet match my goal of qubes on the go that can transform back into a
> laptop. So I'm also interested in any alternative tablets(even just
> normal tablets) with good specs if you know of any?
it has open source hw initiation and the ME can be nerfed.
This is much cheaper and it runs qubes great, they can be obtained for
around $100 plus whatever upgrades you want - I suggest SSD+RAM and an
X220 keyboard/arm-rest if you hate the chiclet keyboards like I do.
In comparison the puri-craptop has no open source hw hardware initiation
and the ME can't be nerfed as much, one also supports further
anti-feature developments by purchasing new intel/amd hardware and of
course their dishonest marketing that has set back the computing freedom
movement by years.
Coreboot Regular laptops:
G505S (owner controlled, no ME/PSP - blobs for video power management
and EC but are replaceable due to no hw code signing enforcement
anti-features - has open source hw init for ram/cpu unlike puri-crap)
Libre-coreboot Workstation/Server:
KCMA-D8
KGPE-D16
These two are the last best owner controlled libre firmware X86 boards,
they have no ME/PSP and they feature OpenBMC for secure libre remote
management (vs the never-security-updated exploit filled proprietary BMC
firmware)
^^^ all run qubes 4.0 really great
The OpenPOWER9 TALOS 2 is also an really cool option for your non-qubes
virtualization needs, it costs less money and is faster than a intel/amd
server/workstation with proprietary firmware
> Right now I see them as the best out of all the bad options, but if you
> can shed some light on another solution to qubes on to go I'd be glad to
> hear it =). I have all the time in the world(I have neither the money
> nor is the device released to market yet XD).
money D: D: D:
Frozentime345
"It sucks being broke right? so much stuff you want to buy and so little
money D: D: D:"