When i want to install qubes i have to spend a whole DAY to verify the ISO. But imagine instead of a monetary blockchain, a data blockchain which holds the same iso forever! No one can change the contents unless of a 51% attack. Imagine you load up this blockchain and you download qubes, there would be no need to verify/trust/etc. You just load it and download anything, all the hashes already verified by the blockchain. It is similar to the web of trust but instead of people trusting a hash,key it verifies the whole iso/code. Imagine a world where the only person who has to verify the iso is the one who uploads the file in to the imaginary blockchain. Would you users like to see it in the future?
I thought I was the only one using the amazing Commodore 64 to verify the ISO.
5 Likes
For it to work, every Qubes OS user should be a miner and then maybe some monetisation of downloading so it will maintain server costs.
AFAIU …
The process stands or falls on the fact that no one comes out of nowhere, rents more GPUs/CPUs than you … in the cloud … just for a short time, and then overrides your accounting.
In this context, how would one defend against rejected transactions from “big players”? Or against “cartel formation” by e.g. states that, despite having very different political objectives, agree on the “fact” that QubesOS ISOs are “evil stuff”?
Please, please KISS!
The idea comes with many flaws like the monetisation, and all the people that would need to deploy the blockchain. But this idea is purely hypothetical, imagine every file,piece of code, etc. is 100% untampered! I have just installed qubes on another device and it was a big pain in the ass to verify.
Why, though? After you’ve downloaded the files and learned how to do it, the actual verification should take only a few minutes at most.
It would be a waste to store the entire ISO in a blockchain when you can just store a hash of it instead. You also don’t need to invent a new blockchain. It would probably be better just to use OpenTimestamps instead.
But now I need to authenticate the blockchain instead. This doesn’t remove the need for me to authenticate something; it just changes which thing I need to authenticate. Blockchains aren’t magic. They use public-key cryptography, which is exactly what we already use to authenticate Qubes ISOs.
It sounds like what you really want is just a program that automates most of the steps involved in authenticating the Qubes ISOs (and maybe also the qubes-secpack), like the suggestions in #6191.
4 Likes