Why are you here?

… and things like 33-year old vulnerability in the so called most reliable OS like OpenVMS is claimed for, and that was discovered only in 2017, just assure us how much we actually need Qubes.

1 Like

But took some 33 years until someone found out :slight_smile:

1 Like

You answered that in your second point:

Every day, I find myself wanting to make videos, but I’ve never made one. I don’t even own a video camera. Every day, I’m tempted to buy one from Amazon, and learn how to make videos, but then I back off, because no matter how well you make the video, somebody will always complain about something “you can never please all the people all the time”. Nobody likes getting kicked in the teeth “no good deed goes unpunished”. I’m still tempted though. It will be a huge time sink.

Qubes needs videos IMHO, to break out of the hidden gem basement.

1 Like

In addition, videos go out of date when the software changes, and it’s not as easy to update a video as it is to update a text document. We’ve had some community members make really high-quality video walkthroughs in the past, but you’ve probably never seen them if you weren’t following Qubes back then. We had to remove them from the website because no one wants a walkthrough for an old, unsupported release that no one is using anymore.

I tried to make the idea of compartmentalization more clear :-): Meme about an unsinkable raft

2 Likes

2 posts were split to a new topic: Backing up my qubes-VMs is soo sloow,

Could not have said it better myself.
Unfortunately, we are far past that point were we can be passive and be left alone.

3 Likes

TBH, I’m here because I finally was able to get Qubes to run. I’ve been wanting to for a while. I have been hacked once by a hidden root change by a major tax software company that was trying to prevent theft. It trashed my hard drive. That was a deliberate hack, and I have never gotten rid of that chip on my shoulder over that one.
Every other time I have been knocked off using my computers has been a crappy update that scrambled my boot.
With friends like that, who needs enemies?

I don’t have a clue on using Qubes yet, but its only been a day or three. I’ll hit the manuals and get up to speed soon. I am really looking forward to being able to minimize problems with compartmentalization. I have been playing in untrusted containers to get a handle on them before stepping up to actual sensitive, private areas.

Trust doesn’t have to broken by malice, incompetence works too.

2 Likes

Welcome.

Tell us more. Sounds very interesting.

A simple story. The Tax program (TaxAct) changed some settings in the root to show that I had a legit copy of their software. The problem was that I had a multi boot loader that used that same bit (bit 33). In the ensuing mess, the skew and blocks of the hard drive were scrambled… The cheapest solution was to buy a new hard drive.

The deliberate hack part was going into root and making changes on the sly. It was a big scandal at the time (2003), in the computer world, but I was basically told to screw off over my trashed drive. It would cost more to fight it, so I had to suck it up. I was poor at the time, and losing my computer while going to school, losing notes and files was pretty stressful. It was a business decision on their part.

It jaded me.

2 Likes

I don’t expect to be completely untraceable. I’m not untraceable when I walk down the street in town. Anyone can witness almost anything I do. Even if I took care to do something private in an isolated area away from prying eyes, anyone who was sufficiently motivated could potentially spy on my doings. It would just take a lot of effort and resources to do it covertly. It’s significantly easier to track someone and data mine them from a computer. I want a digital presence that has similar risk factors to in-person encounters or as close to them as I can get. I shouldn’t have to sacrifice my privacy/security for the convenience of using the Internet, or even just a computer, any more than necessary. Most people put the entirety of their digital lives in the hands of the likes of MS, Google, Apple, and others without even realizing it and most of those who do realize it (in my experience at least) don’t care. I just not down with that. Not going to feed the beast any more than I need to. Also, given the increasing political polarization of my country where saying the wrong thing online to the wrong person could potentially cost you your livlihood. I’d like to minimize that risk, so having whonix built-in was a major draw. And I was already transitioning to a VM-based workflow before Qubes to protect against viruses and poor decisions; having an operating system that existed purely to run virtual machines in which I did all my actual work. Qubes does the same thing, but does it better and more efficiently. It was a no-brainer.

1 Like

Ahah this one, so paradoxically funny yet philosophical ^^

Until someone spoke publicly about it ? ^^

Ok, I wont quote more because I’ll quote the entire discussion, almost liked all posts ^^ I’m sure people will recognize in my post the reference to their posts !

In short, I’m here for (not ordered by preference) :

  • security & privacy
  • compartmentalization
  • learning
  • not reinventing the wheel with own “once-thought-to-be-secure-but-finally-not-at-all” solutions
  • comparing Qubes to my dom0 Qubes-like system
  • fun !

Now the longer version ^^

Summary

I’m an IT pro by trade, but enthousiast by passion. (Un)Fortunately I have other passions and correctly splitting time between them is not easy ! I’ve more often than not spent a lot of time inventing my own solutions because I was for sure understanding them, and maintaining them was easier, so I thought !
But sometimes, it’s easier and faster to learn quickly an already made solution than to creating it.
Also, you can then rely on specialists who really master their specific thing, so you end up with better solutions, especially when talking about security. I don’t want anymore to come up with my own solutions to realize a year later “wait, that wasn’t secure at all” !
As a sysadmin, things are already difficult enough to make them work correctly, but when you add security to the mix … Time, where did you go ?! As we’re not lobsters, I think that time is the most valuable thing we have in life ! It’s the only thing we can’t buy ! ^^ Well, one of at least.

Also, as a paranoid-type of user, I spent way to much time about how to conceal my digital self from others. I read all the Mitnick books, and a lot of security articles. Is that level of hiding really necessary ? Haven’t I more funny things to do ? As a regular joe and posing no security threat to anyone, who am I an interest to ?! But hey, even through permanent introspection you cannot totally change who you are ^^

About compartmentalization, apart from being more secure, what I like about it is a better organization of my (digital) life. It started years ago on Firefox (abbrev. FF), when I learnt that you can create several profiles, and run them at the same time. I have too many interests to keep one bookmarks toolbar and browsing history efficiently. So I kinda did on FF what Qubes does on the OS. I have a profile for each of my activities/interests (banking to astronomy, through IT, etc, Qubes users know what I mean), totalling to more than 30 profiles. I even had to create an app to handle this mess (an AHK-based FF launcher for Windows which provides a nicer and easier GUI than the default one, and changes the FF app icons to recognize the different running profiles, in the taskbar or on the desktop). But from the security POV it’s lame : all profiles share the same FF install ! And “autoconf/mozilla.cfg” is only helpful for common settings. So here comes Qubes to the rescue !

About documentation

Following 2§ are a bit off-topic, as they relate to documentation, but as other users mentioned it.

Summary

Concerning the video things, I know that’s the trend nowadays, but I don’t really like that. I read way faster than the video plays (even at 2x with helium-based voices), and reading in diagonal is way easier than watching in diagonal ! Moreover, as others said it’s harder to maintain and to create. But I understand some like learning from vids so it’s only my POV ! And the more help the better, whatever the support.

My 2 cents would be creating “meta” starting guides to display the existing guides differently. Qubes is such a particular system (uses its own concepts AND commands/tools/wrappers) that the leaning curve is kinda steep, even for guys like me at ease with IT/Linux/Xen/sysadmining, so new users feel a bit overwhelmed.
Do not misunderstand me, the documentation is exceptionnaly detailed and well made ! And I was a wiki editor when Slackware started “docs.slackware.com” 10 years ago, so I can compare ! The problem is, you can’t read a single guide without opening like 5+ new tabs for new things to learn ^^
Maybe there can be a “New users” section, with the -most- important articles one should read. What I really miss is a chronological order : in what -priority- should I read the articles ? Of course, priorities are different amongst users ! That’s why I think, adding “meta articles” could help. (Like a “really quick start guide to run a FF Qube” with “dumbed down”/linked steps, etc).

Ok I may have forgotten things, but I’ll stop, long enough post ffs … Sorry ! ^^

1 Like

go on, please elaborate

Well I don’t know if that should be discussed here ?
You can read a summary of my setup in the 1st § of this post, and maybe comment there, so I don’t pollute here with my own thing ^^

1 Like

I am here not because I am a target (far from it). But my technical background has me paranoid about anything anyway. I am unfortunately now too busy to have time to setup as many things as I want to from scratch, so to have a compartmentalized system with Virtual Machines with immutable base templates that I can also customize for my use drew me to it. I have not been disappointed.

Qubes OS is Snowden approved™ – not to be excessively dramatic or flamboyant but anything that is Snowden approved™ demands dedicated time and attention to understand properly. It’s how I discovered GrapheneOS (which for me is good enough to keep my SIM card in for daily use, and helped me stop using a feature phone for my SIM card), started using a password manager (KeePassXC), and now keep my Tails USB sticks updated every month.

Now using Qubes OS is my target long-term goal for main OS in the future (if I ever get my hands on a fresh, proper, and compatible laptop with 16GB of RAM…).

Here are some actual reasons why I am trying Qubes OS and will use in the long-term:

  • There’s an encrypted built-in backup system (even if it’s OS specific). This makes me less fearful of moving to new hardware whenever the occasion arrives.
  • Qubes OS embodies an additional higher abstraction layer of using a computer, making the experience fresh and new. This is the first OS that I actually had to stop, think, and realize through (my short) experience that was fundamentally different than how I’ve been using computers all my life.
  • I’d like to submit some HCL reports for any of my laptop hardware that can at least boot up Qubes OS.

I always try to remember why I’m learning Qubes OS: to learn about security and to try to make discussing the topics privacy and security easier to the people around me. I don’t expect them to harden Qubes OS tomorrow, let alone Qubes OS being appropriate for everyone, but progress has to start somewhere – even if Qubes OS may not be the final destination 10 years from now. An effort has to be made to push what’s already good to be better.

Additionally, I have a daytime background in STEM/the sciences, so it offers a constant counterbalance that consistently reminds me that I have “other things to do”. This privacy, security, and anonymity exploration is just a hobby I explore in my free time. Other people who are far more qualified and talented than me in these topics (especially in software engineering level programming) are actually making measurable progress.

1 Like

BACKGROUND

  • I grew up on beige Macintosh machines. The first Linux distro I ever used was YellowDog Linux when I was 5. My first RHEL install was RHEL 2. Ever since then, I have Linuxed a Gamecube, PS2, several kitchen appliances, as well as every single PPC, x86, MIPS and ARM machine in the entire house (including solar-powered rackmounts, with the solar equipment running on Linux too).

  • I do not have any qualifications in anything computer-related. I’ve just been using the stuff exclusively as a daily driver since I was a toddler.

  • I run a company where Qubes OS is installed by default on all work machines, including the servers (yes, we house everything on-site, including a Qubes repo mirror!), so I have a vested interest in bug-fixing and feature improvement. The least powerful work machine we give employees has an i7-10710U and 64GB of RAM (trust me, they need them…), so they’re not chromebooks. I didn’t want to operate the “centralized cloud” model for work machines, so we synchronise them regularly and take backups, but they can also operate as local independent machines. I also wanted employees to be able to use their work devices for non-work purposes without getting pwned. I can’t let all those resources go unused, and Qubes OS works amazingly well for this!

The golden rule: “Don’t be a blockhead in dom0 or the work qube, and the rest is all yours!” :slight_smile:

  • I have been pwned in the past. I have had cryptominers and RATs placed on my machines both remotely and via rubber duckies. I have had cameras and microphones remotely activated. I have had ransomware transferred over by friends’ devices who connected to my home network. Since all the devices were Linux and BSD-based, they went mostly unscathed. My dad’s Windows-based work laptop would get messed up quite often, though, but I couldn’t fix it because his IT department locked it down :stuck_out_tongue:

  • I have been forced to surrender laptops at international border checkpoints, they have usually come back with some very suspicious things done to them, and I wanted to find a way to protect myself. Unfortunately I cover all my screws with nail polish (it cracks if the screws have been tampered with)

  • I know very well what can be done with computers and networks if you know how, and you are creative and don’t mind getting a little hacky.

PERSONAL VALUES

  • I believe that no third party should ever be able to know anything about you unless your consent. This consent can be both express and implied. For example, if someone manages to record me in public, then they’re entitled to that. But if I’m in my own house, with the curtains closed and the door locked; then I don’t believe any third party should be able to enter my house unless it’s on my terms.

  • I’ve heard the “if you’re not doing anything illegal, you shouldn’t be so worried about devices spying on you” spiel one too many times.

WHAT I LIKE ABOUT QUBES OS

  • I like being able to “distro-hop” without having to wipe my SSDs to try a new distro.
  • I wanted to find a way to use an absolute beast of a work laptop for personal use without compromising the work stuff. Our work machines are incredibly beefy, and I would hate for all that raw power to be wasted on just admin…

WHAT I WANT TO DO

  • Assist in getting Qubes OS running on ARM, allowing ports to M1 Macs, Raspberry Pis, Smartphones, etc.
  • Assist in tweaking Qubes OS for use with touchscreens and stylus pens.
  • Assist in the documentation, auto-setup, OEM install/setup, and ease of use of Qubes OS.
  • Set up some dedicated machines of different models that would be able to be remotely controlled by the Qubes devs to test their code on.
  • Find a way to show the general public that security doesn’t necessarily mean compromise, and that Qubes OS is the best solution so far.
  • Assist in any other way I can
3 Likes

I live in the dystopian states of america in 2022. I reside in the authoritarian state of texas. I am not a fascist. I am not completely ignorant or oblivious. Enuff said?

I was looking for a hardware/software combination that would allow a reasonable level of online privacy/security without breaking the bank and with a good level of community support.

First thing: multitasking to the max!
The exact time I’m writing this post I’m working in an office in one domain, which has microphone and camera connected and in another domains I chat with friends on Discord, Element.io, Signal and on Slack.
All that’s completely separated and I need not to worry about exfiltration of my work data in case something bad happened.

I also utilize Qubes-specific goodies such as split-gpg for additional security and… easier backups. It’s like using a smart-card I can copy to my backup drive any time I want.

Security is crucial to me as I store valuable assets on this laptop and am worried that someone might want to steal that data. Though I’m not worried about three-letter agencies since they could get me anyway if they wanted to - after all I’ve signed in here with my official name and everyone knows, who I am and where I work.

It’s also an opportunity for me to learn more about the system’s quirks, and maybe some time I will become a template developer and finally understand how to build by own templates and the ‘drivers’ for them for a seamless integration.
Also, I found out the Community Docs lacking some things that were important for me and I’m motivated to write useful information and improve them.

I can also voluntarily do silly things like visiting sites with Internet Explorer 11 and not worry about malware at all. Or play Game Maker games in an offline domain without them phoning home.

2 Likes