Oddbean

"Linux being secure is a common misconception in the security and privacy realm" #QubesOS is a much better security-focused alternative based on #Xen and #Linux that implements a security by compartmentalization approach. Qubes allows you to "organize your digital life into compartments called qubes." i.e. instead of running one kernel, qubes isolates all functions into separate virtual machines using the Xen hypervisor. https://image.nostr.build/a4975f25db239ccce965f2779d9dcad606b49653b502bac98ff723d7d6bfed04.jpg check it out here: https://www.qubes-os.org/ #opsec #infosec #privacy #cybersecgirl #linux #qubesos nostr:nevent1qqst96tsjej9qj2wqhp2np738d2z26daqhd9pgeclefd9wmrxuallespp4mhxue69uhkummn9ekx7mqzyzqhzjxrdyq42sqmf9zcppclkpty5ha2lw29fqf7722lyurteye4jqcyqqqqqqgcdfr3k

i'm sure it would. since qubes is a meta os, you can install openbsd as a qube if you want, but imo it has nothing comparable to using disposable vms in qubes. i like openbsd. the community is amazing and are actually turning it from a server os to something that can be used on desktop. it's just not secure out of the box, you have to harden it which defeats the purpose for most users

💯 openbsd is really cool. and yes, it's "secure by defult" is awesome but def not for general users and it also means services that most people want in a daily driver turned off by default. imo, it's a excellent os to install in qubesos.

If qubes is the first Linux distro you ever see, yeah that’s going to be a steep learning curve. More to the point I think the cybersecurity concepts is missing from them grasping how and why to use it. You spend hours on FB and Insta? Cool, keep doing it. Set up a qube just for that with only a web browser and a firewall that only connects to those two sites. A lot of attack surface is gone instead of letting it all hang out doing that in the same browser as your banking and email. That I think is the bigger knowledge gap rather than the UI of qubes.

I hear you. Though I wouldn't accuse Qubes OS of encouraging a false sense of security. No OS is without vulnerabilities. Qubes OS assumes vulnerabilities and has been designed under the assumption that they will be exploited. Xen security advisories are tracked on qubesos website. "Qubes OS uses the Xen hypervisor as part of its architecture. When the Xen Project publicly discloses a vulnerability in the Xen hypervisor, they issue a notice called a Xen security advisory (XSA). Vulnerabilities in the Xen hypervisor sometimes have security implications for Qubes OS. When they do, we issue a notice called a Qubes security bulletin (QSB). (QSBs are also issued for non-Xen vulnerabilities.)" https://www.qubes-os.org/security/xsa/ https://www.qubes-os.org/security/qsb/ "In building Qubes, our working assumption is that all software contains bugs. Not only that, but in their stampeding rush to meet deadlines, the world's stressed-out software developers are pumping out new code at a staggering rate — far faster than the comparatively smaller population of security experts could ever hope to analyze it for vulnerabilities, much less fix everything. Rather than pretend that we can prevent these inevitable vulnerabilities from being exploited, we've designed Qubes under the assumption that they will be exploited. It's only a matter of time until the next zero-day attack. In light of this sobering reality, Qubes takes an eminently practical approach: confine, control, and contain the damage. It allows you to keep valuable data separate from risky activities, preventing cross-contamination. This means you can do everything on the same physical computer without having to worry about a single successful cyberattack taking down your entire digital life in one fell swoop. In fact, Qubes has distinct advantages over physical air gaps. Made to support vulnerable users and power users alike Qubes provides practical, usable security to vulnerable and actively-targeted individuals, such as journalists, activists, whistleblowers, and researchers. Qubes is designed with the understanding that people make mistakes, and it allows you to protect yourself from your own mistakes. It's a place where you can click on links, open attachments, plug in devices, and install software free from worry. It's a place where you have control over your software, not the other way around. (See some examples of how different types of users organize their qubes.) Qubes is also powerful. Organizations like the Freedom of the Press Foundation, Mullvad, and Let's Encrypt rely on Qubes as they build and maintain critical privacy and security internet technologies that are in turn relied upon by countless users around the world every day. Renowned security experts like Edward Snowden, Daniel J. Bernstein, Micah Lee, Christopher Soghoian, Isis Agora Lovecruft, Peter Todd, Bill Budington, and Kenn White use and recommend Qubes. Qubes is one of the few operating systems that places the security of its users above all else. It is, and always will be, free and open-source software, because the fundamental operating system that constitutes the core infrastructure of our digital lives must be free and open-source in order to be trustworthy."

It's QubesOS meant for general, ordinary users like me, @Ava? Does it require any specific hardware configuration? I think that's what compelled me too stay apart from testing it. But that happened years ago. I've to check the recent situation.