is Qubes OS good? on one hand seems comfy to be able to easily run code in separated virtualized enviroments, i have to work in many projects and it's annoying setting up safe separated environments for each one so i don't mix it with my stuff. on the other hand Qubes OS seems to be full of women, pronouns, and trannies which makes it suspicious
>>100156671GrapheneOS when Android gets fully working desktop mode and VMs, will be just as good, but actually usable.
>>100156671Yes, it's the best operating system there is. I've been using it daily for more than 4 years. There is nothing else that compares in security or even convenience for some things (like running multiple apps in isolated environments with different levels of network access and routing)>Qubes OS seems to be full of women, pronouns, and tranniesThis is a hallucination, that's simply not true. I would know.P.S. Nobody on /g/ uses Qubes (I've posted qubes threads before and got no replies) so don't trust any reply after this one.
>>100156726i guess i will try it, i have a PC that is doing nothing might a well give it a whirl, i never liked how clunky is to isolate a random project that i want to try in normal Linux, you can do separated users, or docker, but clunky and not so secure
>>100156671i like to think so. i havent made the change because i think that due to some QOL changes i would have to make, i would end up compromising something or making all the isolation redundant. something like a clipboard sharing.>>100156726could i import qemu/kvm hosts into qubes?
>>100156858>something like a clipboard sharing.is there an safe alternative to this? like having 1 shared file, or similar?
>>100156726>straight up lies about the women and trannies and neglects to point out the founder is also a woman
>>100156880>the founder is also a womana vegan woman
>>100156858>something like clipboard sharingSome QoL changes are needed but this isn't one of them. You can press ctrl+shift+c to copy to a global temporary buffer, then ctrl+shift+v to paste into another qube.>could i import qemu/kvm hosts into qubes?Not sure what you mean by hosts, but you can import guests, you just have to set them to a special mode
>>100156858>could i import qemu/kvm hosts into qubes?Qubes uses Xen so no
its fucking shit, the last 2 years were spent on shitty gui instead of architecture improvements, bloated garbageBuy a thinkpad x230 and install heads. Write protect the flash chip. Put nail polish on the screws and take high resolution pictures to ensure signs of tampering. Do NOT use a HDD or SSD. They have DMA so a malicious firmware could do a lot of damage, use of USB is preferred since they do not have DMA. Completely remove the microphone, sound card, webcam and the WWAN card from the laptop. Remove the fan to prevent binary acoustic data transmission. Replace the default wifi card with a supported atheros card. Disable wifi when not in use, preferably by physically removing the card. Make your own independent Linux distro from scratch. Most Linux distros value convenience over security and will thus never have good security. Your only option is to make your own. Use musl instead of glibc, Libressl instead of openssl, sinit instead of systemd, oksh instead of bash, toybox instead of gnu coreutils to reduce attack surface. Enable as little kernel modules as possible. Use a hardened memory allocator. Apply strong SELinux and sandboxing policies. Restrict the root account heavily to make sure it never gets compromised. Disable JavaScript and CSS in your browser. Block all FAGMAN domains in your hosts file. Monitor all network requests. Do not use a phone. Never speak near anyone who owns a phone, they are always listening. Never use any non-corebooted technology made after 2006. Never leave your devices unattended. Tape triple layer aluminum foil all around your room as tempest shielding. Type really quietly as defense against audio keylogging. Use ecc ram to minimize rowhammer and rambleed. Encrypt everything multiple times with various different encryption implementations. Compile everything from source. Use hardened compilation flags. Always read through the source before installing something if possible. Only use the internet when absolutely necessary.
>>100156941What the fuck
>>100156941Based, I do all of this.
>>100156941>Buy a thinkpad x230 and install headswhat's heads?
>>100156941>its fucking shit, the last 2 years were spent on shitty gui instead of architecture improvements, bloated garbagedo you have to use a specific GUI on Qubes OS? can't you just use any window manager?
>>100157009github.com/linuxboot/headsyou are welcome and enjoy
>>100157023you can use any window managerthe gui i am talking about is one for qubes tools such as qubes-update-gui qubes-app-menu which someone got paid 10k to do and doesnt scale properly
>>100156941alpine linux does most of the distro things except libressl
>>100157023>do you have to use a specific GUI on Qubes OS?The GUI lives in a custom Fedora install on an airgapped VM called dom0 that doesn't have access to network hardware, so it's not trivial to install a new WM
>>100157040>qubes-app-menu which someone got paid 10k to do and doesnt scale properlytbf 10k is like 1 month of work for a decent engineer in the US, not enough time to finish a complex project
>>100157042thats wrong, also no personal selinux profiles etcDistribution-compiled kernels also have public kernel pointers / symbols which are very useful for exploits. Compiling your own kernel will give you unique kernel symbols, which, along with kptr_restrict, dmesg_restrict and other hardening against kernel pointer leaks, will make it considerably harder for attackers to create exploits that rely on kernel pointer knowledge.you should make your own distro to get the maximum, no package manager just pull when building iso
>>100157059>Compiling your own kernel will give you unique kernel symbols, which, along with kptr_restrict, dmesg_restrict and other hardening against kernel pointer leaks, will make it considerably harder for attackers to create exploits that rely on kernel pointer knowledge.so Gentoo was right all along?
>>100157055>1 monthMaybe for a junior position lmao.
>>100157055the money was paid from qubes donations, for something thats worse than previous versionall the donated money should have gone to improving security and not shitty 1 panel with 10 buttons gui that should have taken 1 week to finish
>>100157068perhaps but designing distro from scratch is just more secure than any other distro because everything will be personalized hence you can allocate alot of thought to security you just have to know what you are doing
>>100157059>dmesg_restrict and other hardening against kernel pointer leaks>https://git.alpinelinux.org/aports/plain/main/linux-lts/lts.x86_64.configall packages are also compiled as PIE with stack smashing protection
>>100157106read first sentence in the post dummy>all packages are also compiled as PIE with stack smashing protectionlol 2 compile flags enabled pathetic, you can do more than that yourself
is there a middle ground?running various users on a normal linux install and ssh -X / x2go / vnc etc into that user?
>>100157158chroot for each software project if you want isolated sysroot and toolchain
>>100157129i assume you dislike the lack of MAC, but otherwise openbsd ticks all your boxes
>>100157192i use my own distro, and i copied some ideas from openbsd i guess so theres thatwaiting for hyperbolabsd to become real to steal more ideas
>>100156880>womanyeah, totally a female >>100147762
>>100157239it's like 3 pixels in that video, i can't tell, doesn't the Qubes OS allegedly women founder do paid speeches? there should be video somewhere but i can't find it, so it's a 100% tranny project?
>>100157275That or her twin brother Jan died in a freak Windows 2000 rootkit accident and she decided to take up his cape as a security researcher. You decide which is more likely
>>100157444difficult to think a tranny not being a CIA plant, makes the security of the OS very suspicious
>>100157527it literally uses NSA redhat fedora linux in dom0 literally backdoored malware KEKfollow >>100156941 for uncensored security
>>100157553>it literally uses NSA redhat fedora linux in dom0 literally backdoored malware KEKSnowden was also an operation from the CIA against the NSA and recommends it, very suspicious
>>100157239Are you sure that's the same person?Just wondering.
>>100157620It's the same person, Jan and Joanna. It's a tranny.>Joanna Rutkowska is a female security researcher who authored a controversial Blue Pill "100% undetectable" backdoor. She is enjoying genuine recognition for her technical contributions, but is also basking in the glory afforded by one of the very few female information security geeks out there. She even got a pink-themed fan-site. Unfortunately for fan-club members, her sex might be a more complext issue than previously thought.>Until July 2003, a computer security researcher Jan Krzysztof Rutkowski used his school-provided e-mail account at Warsaw University of Technology (jkrutkowski@elka.pw.edu.pl) to publish various security materials on Windows kernel rootkit hiding and detectionSee https://web.archive.org/web/20070208025303/http://www.rutkowska.yoyo.pl/
>>100157704seems confirmed and obvious
>>100156941Yeah I'm thinking based
>>100157054Installing an alternative WM is easy:> $ sudo qubes-dom0-update i3 i3-settings-qubeshttps://www.qubes-os.org/doc/i3/
The biggest usability issue with Qubes I've found is that many applications now depend on hw accelerated video and don't have great fallbacks. Firefox's Webrender compositor is way slower in software mode. It makes things like video playback choppy. OpenSCAD, Prusaslicer, google maps, etc are all very slow. This problem is only going to get worse. Qubes also kills battery life but I don't really care about that.https://forum.qubes-os.org/t/4k-videos-in-browser-and-software-rendering/13855/5https://forum.qubes-os.org/t/4k-videos-in-browser-and-software-rendering/13855/5
>>100158602>missing gpu hardware accelerationthat sounds annoying
>>100158651If you didn't realize there'd be no gpu acceleration then you probably had no idea what qubes OS is and therefore you aren't its user case
>>100159361i want to run separate projects in separate enviroments, seems like Qubes OS should be good at that, which is quite clunky to do in normal Linux distributions
>>100159778Qubes isn't a Linux distribution
>>100159798i don't care what it is, just what it does
>>100156726>running multiple apps in isolated environments with different levels of network access and routingThere is no reason anyone needs to do this
>>100156941Are on-screen keyboards + mouse a good defense against audio keylogging?
>>100158533>GNOME is not supporteddropped
>>100160262i have to work in different projects created
>>100160297i guess they could listen to mouse button clicks and try to estimate something from time between clicksthe trackpoint on thinkpads is basically silent so they shouldnt be able to track mouse movements but needs personal testing to verify this claimon screen keyboards also fall against tempest aka antenna pointed in direction of your display cable to recreate screen remotely from emf leaksso i recommend wrapping your display cable in tinfoil then in some isolation so you dont short motherboard if its inside a laptop
Qubes has some shitty things like no hw acceleration, some usb things can be a pain to setup (like android adb), you are kinda stuck between kde, xfce or i3 and sometimes can feel a bit clunky, but for me it's totally worth it, I couldn't isolate the different activities and identities without it. you should compare it to having multiple pcs instead of a single linux install
>>100160262You're telling me you can't see the utility in having an application using a VPN, an application connected directly to the internet, and an application with no access to network hardware, all running together on the same system at the same time in the same WM?
>>100160579bloat and complicatedyou dont need all of this when you dont run malware (non free software) on your computer, which qubes is based on
>>100160606Retard
>>100160579Its called split tunneling and firejail. You dont need to VM every application. That just created more complexity and overhead for no reason. You can do it all using small user space tools
>>100160798
>>100160798qubes is non free software, this retard is running malware which has around 500mb of binary blobs and 20 mil loc in the name of security, ignore him
>>100156941>>100156986neither of you do any of this
>>100160976jealous because you are below
>>100160986below this dick faggot
>>100156671It's made by a troon
>>100157055>>100157078https://opencollective.com/qubes-os/expenseshttps://github.com/QubesOS/qubes-desktop-linux-menuhttps://github.com/ninavizzhttps://github.com/marmartaUX work for: 4.2 AppMenu / 4.1 Settings / Website updates to promote paid support, clearer community support, improve FAQ, reduce direct-to-team emailsfrom nina eleanor alter to Qubes OS • November 22, 2021$3,910.00 USD
>>100156726Nice.Do you have a good performance? Which hardware do you have?
>>100161179https://forum.qubes-os.org/t/pronoun-setting/25723/18AND MOST IMPORTANTLY BEST MEMEhttps://seclists.org/dailydave/2010/q3/29
>>100156671It seems cool, but I couldn't figure out how to use my VPN so I gave up on it.There's lots of cool operating systems but sometimes they're just too hard to be worthwhile for me
>>100160826I accept your concession