Qubes OS could be honeypot?

Until you offer a viable alternative I am pretty much compelled to accept this approach as “good enough”.

Neither does Qubes support “confidential computing” with an untrusted hypervisor. Why? Because it is an enormously complicated task for a desktop system and we have usability issues already, being a small bunch of geeks never accepted by the mainstream desktop community for a variety of reasons. And it is ok. What do you expect? Feel free to throw in $20-30M for improvements, we certainly could find a good use for this investment.

8 Likes

Unman, I sent you a PM 3 days ago.

At the moment:
Something is going wrong with my clean installation from the last 24h:

  1. Global settings change themselves or are not saved; for example, an error is indicated under USB devices that any type of USB device is allowed to connect to dom0 while the setting is on “disable”.
  2. fedora-42-minimal and the update qube start by themselves a few times without any reason (updater was inactive)
  3. fedora-42-minimal arrives from the repositories with extra packages, for example samba, which is known for its vulnerabilities.

(should we move to “are they hack me” or PM?)

chuckles

This made me sign up, and it’s equal parts charming and disgusting what people write in response to low effort paranoia rants.

2 Likes

Numerous organizations serious about security use Qubes OS. Most security experts say good things about Qubes and recommend it. That’s more relevant.

1 Like

Is there any result of your story?
Please tell us

1 Like

+1
I really want to share my disk with the public
But I can’t work normally for a few years
And I can’t see another way
I check all my connections, dump traffic, check all logs, check all syscalls, check all file hashes, sometimes check libs in memory dumps. Attacks are like from air
I have no space with all bu’s and dumps

First time I think it’s after Joanna’s leave. But last time I think it’s Whonix repos troubles, because I have not heard about any case without Whonix. On one hand it’s an expected correlation, but seriously, not one case

Hey,
Excuse me, the disk wasn’t shipped to the QubesOS team because Israel made me believe they take action in the right direction.
A few months after, not only technical but also physical terror action continued. Also, Israel tried to use drugs against me in order to “heal” this crazy, and pass me exams where they try to figure out if I still remember and know the truth.

After that “exam” I was fired from a cyber security implementer role at an integration company, state honeypot…
And nowadays I look for what to do without work, money and under pressure of state terrorism.

QubesOS feels fine, I hardened a few things that I know as attack vectors and the PC works well. The device that was hacked was with misconfigurations - without SELinux and AppArmor on sys qubes.
Also, I believe that guides that offer to save some RAM by using minimal templates without SELinux and AppArmor for sys qubes are dangerous for users of our community.

Another thing,
I am also targeted by the smartphone vector, and if we talk about honeypots - maybe GrapheneOS became one:


They hide and delete questions from end users attacked by spyware… also there are some toxic idiots that troll for such questions.

Likely no. But if you are fearful, get a pfSense or Wireshark configured on an old laptop between your router and the QubesOS and log all connections and packets, then decrypt for the HTTPS using TLS keys. I don’t know where TLS keys are stored though. You can also analyze the raw unencrypted data yourself if Qubes uses HTTP, but it does not to my knowledge. You can also try to conduct traffic fingerprinting if you cannot decrypt data.

tl;dr; didn’t know Q traffic was easy to notice though; maybe OP could condense the premise or find something objective to even discuss

and security isn’t the only reason to use the excellent Q system, I no longer have to worry about reinstalling OSes because of some fail point, updates, software, etc.; it’s also sort of fun

3 Likes

As citizens we need to create a game theory that reverts the honeypot against the state actors and pushes ordinary citizens’ cyber defense/attack to the limit. The expected result in criminal proceedings related to cyber should damage the national security (backdoors); the state needs to make a choice between internal security (crime) or external (war).

What do you expect from them?