 Linux being secure is a common misconception

Comments ( https://news.ycombinator.com/item?id=38422186 )

https://madaidans-insecurities.github.io/linux.html 
 "Linux being secure is a common misconception in the security and privacy realm"

#QubesOS is a much better security-focused alternative based on #Xen and #Linux that implements a security by compartmentalization approach. Qubes allows you to "organize your digital life into compartments called qubes." i.e. instead of running one kernel, qubes isolates all functions into separate virtual machines using the Xen hypervisor.

https://image.nostr.build/a4975f25db239ccce965f2779d9dcad606b49653b502bac98ff723d7d6bfed04.jpg

check it out here:
https://www.qubes-os.org/

#opsec #infosec #privacy #cybersecgirl #linux #qubesos
 OpenBSD would like a word 
 i'm sure it would. since qubes is a meta os, you can install openbsd as a qube if you want, but imo it has nothing comparable to using disposable vms in qubes. i like openbsd. the community is amazing and is actually turning it from a server os to something that can be used on desktop. it's just not secure out of the box, you have to harden it which defeats the purpose for most users 
 What are your thoughts on PopOS?  It’s at least very easy to use… where I think Qubes is a long way off from being usable by ‘normies’ 
 If qubes is the first Linux distro you ever see, yeah that’s going to be a steep learning curve. More to the point I think the cybersecurity concepts are missing from them grasping how and why to use it. 

You spend hours on FB and Insta? Cool, keep doing it. Set up a qube just for that with only a web browser and a firewall that only connects to those two sites. A lot of attack surface is gone instead of letting it all hang out doing that in the same browser as your banking and email. 

That I think is the bigger knowledge gap rather than the UI of qubes. 
 run a stable OS (long term releases) that you can learn so you can lock it down 
 Xen can give a false sense of security too; there was a vulnerability, undiscovered for years, that allowed escape from domU to dom0. 
 I hear you. Though I wouldn't accuse Qubes OS of encouraging a false sense of security. No OS is without vulnerabilities. Qubes OS assumes vulnerabilities and has been designed under the assumption that they will be exploited.

Xen security advisories are tracked on the Qubes OS website.

"Qubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.)"

https://www.qubes-os.org/security/xsa/

https://www.qubes-os.org/security/qsb/

"In building Qubes, our working assumption is that all software contains bugs. Not only that, but in their stampeding rush to meet deadlines, the world's stressed-out software developers are pumping out new code at a staggering rate — far faster than the comparatively smaller population of security experts could ever hope to analyze it for vulnerabilities, much less fix everything. Rather than pretend that we can prevent these inevitable vulnerabilities from being exploited, we've designed Qubes under the assumption that they will be exploited. It's only a matter of time until the next zero-day attack.

In light of this sobering reality, Qubes takes an eminently practical approach: confine, control, and contain the damage. It allows you to keep valuable data separate from risky activities, preventing cross-contamination. This means you can do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop. In fact, Qubes has distinct advantages over physical air gaps.

Made to support vulnerable users and power users alike

Qubes provides practical, usable security to vulnerable and actively-targeted individuals, such as journalists, activists, whistleblowers, and researchers. Qubes is designed with the understanding that people make mistakes, and it allows you to protect yourself from your own mistakes. It's a place where you can click on links, open attachments, plug in devices, and install software free from worry. It's a place where you have control over your software, not the other way around. (See some examples of how different types of users organize their qubes.)

Qubes is also powerful. Organizations like the Freedom of the Press Foundation, Mullvad, and Let's Encrypt rely on Qubes as they build and maintain critical privacy and security internet technologies that are in turn relied upon by countless users around the world every day. Renowned security experts like Edward Snowden, Daniel J. Bernstein, Micah Lee, Christopher Soghoian, Isis Agora Lovecruft, Peter Todd, Bill Budington, and Kenn White use and recommend Qubes.

Qubes is one of the few operating systems that places the security of its users above all else. It is, and always will be, free and open-source software, because the fundamental operating system that constitutes the core infrastructure of our digital lives must be free and open-source in order to be trustworthy." 
 This read gives me serious creeps. Really solidifies why airgapped cold storage is an absolute must. I see funds stored on lightning nodes differently after reading this. Up for grabs so to speak.

This read humbles a person who thinks they have a decent understanding of security topics but isn't a professional in that field.
