Yes, because there wasn’t a need until recently. Who could’ve thunk even a year ago that fxcking LINUX of all things would be targeted like this? Now that there is a need it should gradually become more common. My point is we need to expedite this process if we want a chance to save ourselves before it’s too late. It’s only going to get worse from here. If you don’t see the existential threat to the things you care about yet, whatever that may be, online or offline, you will soon.
You betcha! I’ll see you there brother. Any particular category?
I take responsibility for that. I like to think that we are both heading
off to Camelot following our own paths. If I have given a different
impression, accept my apologies.
(I would have sent a PM but I do not believe I can via email, and perhaps
a public statement is better in any case.)
I was clearly mistaken about your knightly name - you are Sir Bedivere.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
But my best attempt to get this point across might be Legal Jurisdiction Comparison Table. It contains practical, real-world examples of U.S. law enforcement action against foreign people and companies.
I hope you are not saying we should be afraid not to be captured and transported blindfolded in Nike sweatsuit and red shoes. Without the unlawful actions of Assange and Snowden many privacy and security projects wouldn’t even exist.
This has literally been my plan for this year, an offline sys-portage with catalyst to build templates.
If you plan to do something similar here are a few suggestions from my past experience doing this on a Xen system (non-Qubes):
Create a “base” configuration with crossdev, the etc/portage folder should be stored in /configs/base
Create a “sys-net” and overlayfs mount the base at the bottom and sys-net above that, /configs/sys-net
Create a “personal” or whatever config at /configs/personal and do the same, repeat for every template you are going to use
Make sure that either A (the easy route) you use a unified make.conf file with -* at the start of the use flags (paradoxically -* is the easy route), or B create a make.conf.d folder for each template so you can have files like /configs/base/etc/portage/make.conf.d/00-base.conf, /configs/sys-net/etc/portage/make.conf.d/10-sys-net.conf etc etc, the same goes for folders make package.use and package.mask or package.unmask
Make sure you use the same profile for all your templates OR create a custom one, whatever it is you like. If you use multiple profiles (although I don't advise it) mount your templates under /configs/glibc/ /configs/musl-hardened/ etc etc
You are going to live hell on earth if you plan to use both glibc and musl. In case you do so I advise you either create a sys-portage-glibc and sys-portage-musl or you create a different chroot for each and go with the original option
Lastly the best part is that you can forego installing any dev packages in your templates and just pull updates from sys-portage, at the end of the day you should have service VMs that are more lightweight than Alpine itself.
The best part is that you can compile updates for critical vulnerabilities days to weeks before mainline distros like Debian and Fedora, unique use flags protect you from most buffer overflows unless someone gets access to your /configs folder and compiles the packages on their computer and runs attacks on the packages there, last 2 things are the fact that you can probably run Qubes as is since Gentoo (afaik) can emulate systemd on top of OpenRC or worst case scenario you can use both OpenRC and systemd and after the system boots you can kill systemd.
What I liked about this and decided I would build it at some point this year is the fact that IF Gentoo/OpenBSD or Gentoo/FreeBSD ever get revived and IF OpenBSD and FreeBSD domUs are ever supported in Qubes then you have the infrastructure ready to mix and match kernels however you like with a few changes here and there in the configs, but a man can only dream that someone will ever “sponsor” these 2 projects in such a way
Edit: Is CODE itself protected under free speech? I think this setup would completely cockblock such regulations if that is the case, since you don't acquire an “app”, you are acquiring the code and you ARE (technically) the developer at that point as far as the law is concerned (PS I'm not a lawyer)
I think the biggest threat in this case is repositories themselves, I can see a future where package repos like npm, pip and the like are scrutinized more than they are now, we might see talks in hackathons where people will be advocating for decentralized code and package repositories in IPFS, maybe “highly secure” distros will use git via I2P to make code changes.
I know this is ironic but I welcome this change, laws like that completely magnify authoritarian govs and will in turn help the community to grow, it had saddened me a lot that most of the opsec guides in software I ever found I had to find through pseudoanonymous bloggers and “dark-net” posts but these things are either about to change or the definition and size (or both) of what “dark-net” is is going to dramatically change in the upcoming few years, which might actually allow us to live the old internet again with less bots and more humans, ironic
On another point, I would definitely not mind if there was a general “id verification” but in a decentralized database and by doing “math”, if someone could develop a homomorphic encryption style program where the user has control of the private key through a YubiKey or something and just “signs in” using that, that would be great, in a scenario where such a program was developed the community (and their lawyers) could put a lot of backlash to governments to give users what they want, the only thing the government could say is “yah no lol we want to spy on you”, the whole point is that we have come to this breaking point of “I know what you want and you know that I know what you want and yet you still pretend that this is not happening” kind of situation, I don't understand, are there that many sheep at this point that they think this act works or are they continuing this act so aggressively because they know people are waking up
Edit: Yet again if someone developed something like that we would have a reason to overthrow the government because in that case we could have a decentralized democracy with anonymous voting
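The layered /configs layout from the Gentoo suggestions above (base at the bottom, sys-net on top), as an added example that is not part of the original post: it builds the overlayfs option string for a read-only stack and previews which layer supplies each file. The function names, the sample file contents and the /mnt/sys-net mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Layer names and /configs paths follow the post; file contents are constructed.
CONFIGS="${CONFIGS:-/configs}"

# overlay_opts LAYER...  (bottom-first, e.g. "base sys-net")
# overlayfs lists lowerdir top-first, so the list is reversed here.
# With no upperdir the overlay is read-only, so a template cannot alter it.
overlay_opts() {
    [ "$#" -ge 2 ] || { echo "need at least two layers" >&2; return 1; }
    dirs=""
    for layer in "$@"; do
        dirs="$CONFIGS/$layer/etc/portage${dirs:+:$dirs}"
    done
    printf 'ro,lowerdir=%s\n' "$dirs"
}

# merged_view LAYER...  userland preview of the merged tree: each relative
# path is printed with the topmost layer that provides it.
merged_view() {
    for layer in "$@"; do
        root="$CONFIGS/$layer/etc/portage"
        [ -d "$root" ] || continue
        (cd "$root" && find . -type f) |
            awk -v l="$layer" '{ sub(/^\.\//, ""); print $0 "\t" l }'
    done | awk -F'\t' '{ top[$1] = $2 } END { for (p in top) print p "\t" top[p] }' | sort
}

# make_sample DIR  builds a small constructed tree for trying the functions.
make_sample() {
    for layer in base sys-net; do
        mkdir -p "$1/$layer/etc/portage/make.conf.d" "$1/$layer/etc/portage/package.use"
    done
    echo 'USE="-* ipv6 ssl"' > "$1/base/etc/portage/make.conf.d/00-base.conf"
    echo 'USE="${USE} wifi"' > "$1/sys-net/etc/portage/make.conf.d/10-sys-net.conf"
    echo 'net-misc/curl http2'  > "$1/base/etc/portage/package.use/common"
    echo 'net-misc/curl -http2' > "$1/sys-net/etc/portage/package.use/common"
}

# Demo on the constructed tree; the mount itself needs root, so it is only printed.
CONFIGS="$(mktemp -d)"; make_sample "$CONFIGS"
echo "mount -t overlay overlay -o $(overlay_opts base sys-net) /mnt/sys-net/etc/portage"
merged_view base sys-net
```

Files with the same relative path in two layers are shadowed rather than merged, which is why the per-layer numbered file names (00-, 10-) matter: only distinct names from both layers survive side by side.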
That stuff seems to be on another level entirely. I don’t think that risk exists at this very time.
I would hope that it is. But might require operating system providers being non-compliant, risk extremely heavy fines and be willing and able to fight this in court.
I hope it’s still applicable nowadays. In recent cases, Samourai Wallet and Tornado Cash, it seems it hasn’t worked out that well for their developers.
I've already made my ideals clear, but if we contingency-plan for a situation where this DOES get implemented in Qubes, wouldn't it also be… effectively meaningless?
An ‘age verification’ qube with no network VM, no software, some Xfce template… should be trivial to route AV data to other VMs as needed…