Need some clarification after my first Qubes OS install

Hi,

I just finished my installation and everything seems to work fine, but I have some questions right on that I can’t find answers at the moment and would appreciate if you can help.

  1. When installing the OS I selected to combine sys-usb and sys-net, does that mean I’m exposed now to rubber ducky threats and such?
  2. The docs seems to be out dated, is this project dying or something like this? I really hope not and this is something due to budget/not many volunteers etc.
  3. Despite the how-to guides in the docs, is there any good guides/tutorials for the new guy to step in? I really liked the “New user guide: How to organize your qubes”, but it feels incomplete in a way, as there’s “no code”, no practical guide on how to actually make this templates and qubes.
1 Like

Hi @SpaceDaddy, welcome to the Community! I’m glad you decided to try Qubes OS!

  1. There are some existing discussion about it, e.g., this: How to combine sys-usb with sys-net.

It would be helpful if you told us exactly what is outdated in the docs. Also:

This project is very much alive, see the work being done in Qubes Issues. Also, see discussions on this forum. Apart from that, the project does suffer from the lack of volunteers.

You can install templates, or clone an existing template using Qube Manager or qvm-clone and modify it to your liking. You can also use Qube Manager to create a new AppVM based on any existing template. If you have a particular question on how to implement something, feel free to ask it here. See also: Command-line tools | Qubes OS.

3 Likes

Maybe I missed it, but I couldn’t find how exactly this compromise security and should I be concerned to put USB(not mine) into my laptop.

How to enter fullscreen mode, for example.
qubes-os org/doc/how-to-enter-fullscreen-mode/

Glad to hear that, as this is the only OS I could find that is actually talking security/privacy objectively.

The problem is Qubes is not an ordinary operating system. The Qubes developers are not writing the whole OS but reusing a lot of things from others. For example, Xen is used as the hypervisor, Debian and Fedora are used as the operating systems in the VMs by default, and Fedora 32 is currently used in dom0 for managing the VMs and GUI.

The latter defines how your GUI behaves. For example, hitting Alt+F11 makes a window go full screen and hitting Alt+F3 gives you a menu for choosing which app to run. You cannot possibly put all Fedora, Debian, Xen documentations into Documentation | Qubes OS, this would not make it more readable. So for non-Qubes-specific questions users should go to the docs of the corresponding distribution. Perhaps, the above text could be added to the FAQ (which is already very long).

I am happy that you also think this way. I agree with you.

I said that there are several discussions on this topic and only linked one. You could use the search on this forum to find more discussions. I guess this one should be more helpful: Which one is more secure: "sys-usb" or "sys-net as sys-usb"?. In short, all your usb devices will have the access to the Internet. Doesn’t it make you less secure? See also Device handling security | Qubes OS.

4 Likes

I was talking about Qubes OS related code:

global: {
  # default values
  allow_fullscreen = true;
  #allow_utf8_titles = false;
  #secure_copy_sequence = "Ctrl-Shift-c";
  #secure_paste_sequence = "Ctrl-Shift-v";
  #windows_count_limit = 500;
};

Yeah, I do know how to search, I just didn’t figure out if Qubes OS is vulnerable to this type of attack if sys-net and sys-usb are used together, that’s why I asked.

I don’t find this statement accurate. What does it mean if Qubes OS is vulnerable? I’d rather say dom0, and that means that it is vulnerable as Xen is, at least. And that makes it way ahead of other OS’s in terms of security, but still “reasonably”.
When any VM, except templates, they’re already considered compromised by Qubes OS philosophy.