Why are you here?

2 posts were split to a new topic: Backing up my qubes-VMs is soo sloow,

Could not have said it better myself.
Unfortunately, we are far past that point where we can be passive and be left alone.

3 Likes

TBH, I’m here because I finally was able to get Qubes to run. I’ve been wanting to for a while. I have been hacked once by a hidden root change by a major tax software company that was trying to prevent theft. It trashed my hard drive. That was a deliberate hack, and I have never gotten rid of that chip on my shoulder over that one.
Every other time I have been knocked off using my computers has been a crappy update that scrambled my boot.
With friends like that, who needs enemies?

I don’t have a clue on using Qubes yet, but it’s only been a day or three. I’ll hit the manuals and get up to speed soon. I am really looking forward to being able to minimize problems with compartmentalization. I have been playing in untrusted containers to get a handle on them before stepping up to actual sensitive, private areas.

Trust doesn’t have to be broken by malice, incompetence works too.

2 Likes

Welcome.

Tell us more. Sounds very interesting.

A simple story. The Tax program (TaxAct) changed some settings in the root to show that I had a legit copy of their software. The problem was that I had a multi boot loader that used that same bit (bit 33). In the ensuing mess, the skew and blocks of the hard drive were scrambled… The cheapest solution was to buy a new hard drive.

The deliberate hack part was going into root and making changes on the sly. It was a big scandal at the time (2003), in the computer world, but I was basically told to screw off over my trashed drive. It would cost more to fight it, so I had to suck it up. I was poor at the time, and losing my computer while going to school, losing notes and files was pretty stressful. It was a business decision on their part.

It jaded me.

2 Likes

I don’t expect to be completely untraceable. I’m not untraceable when I walk down the street in town. Anyone can witness almost anything I do. Even if I took care to do something private in an isolated area away from prying eyes, anyone who was sufficiently motivated could potentially spy on my doings. It would just take a lot of effort and resources to do it covertly. It’s significantly easier to track someone and data mine them from a computer. I want a digital presence that has similar risk factors to in-person encounters or as close to them as I can get. I shouldn’t have to sacrifice my privacy/security for the convenience of using the Internet, or even just a computer, any more than necessary. Most people put the entirety of their digital lives in the hands of the likes of MS, Google, Apple, and others without even realizing it and most of those who do realize it (in my experience at least) don’t care. I’m just not down with that. Not going to feed the beast any more than I need to. Also, given the increasing political polarization of my country where saying the wrong thing online to the wrong person could potentially cost you your livelihood, I’d like to minimize that risk, so having whonix built-in was a major draw. And I was already transitioning to a VM-based workflow before Qubes to protect against viruses and poor decisions; having an operating system that existed purely to run virtual machines in which I did all my actual work. Qubes does the same thing, but does it better and more efficiently. It was a no-brainer.

1 Like

Ahah this one, so paradoxically funny yet philosophical ^^

Until someone spoke publicly about it ? ^^

Ok, I won’t quote more because I’ll quote the entire discussion, almost liked all posts ^^ I’m sure people will recognize in my post the reference to their posts !

In short, I’m here for (not ordered by preference) :

  • security & privacy
  • compartmentalization
  • learning
  • not reinventing the wheel with own “once-thought-to-be-secure-but-finally-not-at-all” solutions
  • comparing Qubes to my dom0 Qubes-like system
  • fun !

Now the longer version ^^

I’m an IT pro by trade, but enthusiast by passion. (Un)Fortunately I have other passions and correctly splitting time between them is not easy ! I’ve more often than not spent a lot of time inventing my own solutions because I was for sure understanding them, and maintaining them was easier, so I thought !
But sometimes, it’s easier and faster to learn quickly an already made solution than to create it.
Also, you can then rely on specialists who really master their specific thing, so you end up with better solutions, especially when talking about security. I don’t want anymore to come up with my own solutions to realize a year later “wait, that wasn’t secure at all” !
As a sysadmin, things are already difficult enough to make them work correctly, but when you add security to the mix … Time, where did you go ?! As we’re not lobsters, I think that time is the most valuable thing we have in life ! It’s the only thing we can’t buy ! ^^ Well, one of at least.

Also, as a paranoid-type of user, I spent way too much time about how to conceal my digital self from others. I read all the Mitnick books, and a lot of security articles. Is that level of hiding really necessary ? Haven’t I more funny things to do ? As a regular joe and posing no security threat to anyone, who am I an interest to ?! But hey, even through permanent introspection you cannot totally change who you are ^^

About compartmentalization, apart from being more secure, what I like about it is a better organization of my (digital) life. It started years ago on Firefox (abbrev. FF), when I learnt that you can create several profiles, and run them at the same time. I have too many interests to keep one bookmarks toolbar and browsing history efficiently. So I kinda did on FF what Qubes does on the OS. I have a profile for each of my activities/interests (banking to astronomy, through IT, etc, Qubes users know what I mean), totalling to more than 30 profiles. I even had to create an app to handle this mess (an AHK-based FF launcher for Windows which provides a nicer and easier GUI than the default one, and changes the FF app icons to recognize the different running profiles, in the taskbar or on the desktop). But from the security POV it’s lame : all profiles share the same FF install ! And “autoconf/mozilla.cfg” is only helpful for common settings. So here comes Qubes to the rescue !

About documentation

Following 2§ are a bit off-topic, as they relate to documentation, but as other users mentioned it.

Concerning the video things, I know that’s the trend nowadays, but I don’t really like that. I read way faster than the video plays (even at 2x with helium-based voices), and reading in diagonal is way easier than watching in diagonal ! Moreover, as others said it’s harder to maintain and to create. But I understand some like learning from vids so it’s only my POV ! And the more help the better, whatever the support.

My 2 cents would be creating “meta” starting guides to display the existing guides differently. Qubes is such a particular system (uses its own concepts AND commands/tools/wrappers) that the learning curve is kinda steep, even for guys like me at ease with IT/Linux/Xen/sysadmining, so new users feel a bit overwhelmed.
Do not misunderstand me, the documentation is exceptionally detailed and well made ! And I was a wiki editor when Slackware started “docs.slackware.com” 10 years ago, so I can compare ! The problem is, you can’t read a single guide without opening like 5+ new tabs for new things to learn ^^
Maybe there can be a “New users” section, with the -most- important articles one should read. What I really miss is a chronological order : in what -priority- should I read the articles ? Of course, priorities are different amongst users ! That’s why I think, adding “meta articles” could help. (Like a “really quick start guide to run a FF Qube” with “dumbed down”/linked steps, etc).

Ok I may have forgotten things, but I’ll stop, long enough post ffs … Sorry ! ^^

1 Like

go on, please elaborate

Well I don’t know if that should be discussed here ?
You can read a summary of my setup in the 1st § of this post, and maybe comment there, so I don’t pollute here with my own thing ^^

1 Like

I am here not because I am a target (far from it). But my technical background has me paranoid about anything anyway. I am unfortunately now too busy to have time to setup as many things as I want to from scratch, so to have a compartmentalized system with Virtual Machines with immutable base templates that I can also customize for my use drew me to it. I have not been disappointed.

Qubes OS is Snowden approved™ – not to be excessively dramatic or flamboyant but anything that is Snowden approved™ demands dedicated time and attention to understand properly. It’s how I discovered GrapheneOS (which for me is good enough to keep my SIM card in for daily use, and helped me stop using a feature phone for my SIM card), started using a password manager (KeePassXC), and now keep my Tails USB sticks updated every month.

Now using Qubes OS is my target long-term goal for main OS in the future (if I ever get my hands on a fresh, proper, and compatible laptop with 16GB of RAM…).

Here are some actual reasons why I am trying Qubes OS and will use in the long-term:

  • There’s an encrypted built-in backup system (even if it’s OS specific). This makes me less fearful of moving to new hardware whenever the occasion arrives.
  • Qubes OS embodies an additional higher abstraction layer of using a computer, making the experience fresh and new. This is the first OS that I actually had to stop, think, and realize through (my short) experience that was fundamentally different than how I’ve been using computers all my life.
  • I’d like to submit some HCL reports for any of my laptop hardware that can at least boot up Qubes OS.

I always try to remember why I’m learning Qubes OS: to learn about security and to try to make discussing the topics privacy and security easier to the people around me. I don’t expect them to harden Qubes OS tomorrow, let alone Qubes OS being appropriate for everyone, but progress has to start somewhere – even if Qubes OS may not be the final destination 10 years from now. An effort has to be made to push what’s already good to be better.

Additionally, I have a daytime background in STEM/the sciences, so it offers a constant counterbalance that consistently reminds me that I have “other things to do”. This privacy, security, and anonymity exploration is just a hobby I explore in my free time. Other people who are far more qualified and talented than me in these topics (especially in software engineering level programming) are actually making measurable progress.

1 Like

BACKGROUND

  • I grew up on beige Macintosh machines. The first Linux distro I ever used was YellowDog Linux when I was 5. My first RHEL install was RHEL 2. Ever since then, I have Linuxed a Gamecube, PS2, several kitchen appliances, as well as every single PPC, x86, MIPS and ARM machine in the entire house (including solar-powered rackmounts, with the solar equipment running on Linux too).

  • I do not have any qualifications in anything computer-related. I’ve just been using the stuff exclusively as a daily driver since I was a toddler.

  • I run a company where Qubes OS is installed by default on all work machines, including the servers (yes, we house everything on-site, including a Qubes repo mirror!), so I have a vested interest in bug-fixing and feature improvement. The least powerful work machine we give employees has an i7-10710U and 64GB of RAM (trust me, they need them…), so they’re not chromebooks. I didn’t want to operate the “centralized cloud” model for work machines, so we synchronise them regularly and take backups, but they can also operate as local independent machines. I also wanted employees to be able to use their work devices for non-work purposes without getting pwned. I can’t let all those resources go unused, and Qubes OS works amazingly well for this!

The golden rule: “Don’t be a blockhead in dom0 or the work qube, and the rest is all yours!” :slight_smile:

  • I have been pwned in the past. I have had cryptominers and RATs placed on my machines both remotely and via rubber duckies. I have had cameras and microphones remotely activated. I have had ransomware transferred over by friends’ devices who connected to my home network. Since all the devices were Linux and BSD-based, they went mostly unscathed. My dad’s Windows-based work laptop would get messed up quite often, though, but I couldn’t fix it because his IT department locked it down :stuck_out_tongue:

  • I have been forced to surrender laptops at international border checkpoints, they have usually come back with some very suspicious things done to them, and I wanted to find a way to protect myself. Unfortunately I cover all my screws with nail polish (it cracks if the screws have been tampered with)

  • I know very well what can be done with computers and networks if you know how, and you are creative and don’t mind getting a little hacky.

PERSONAL VALUES

  • I believe that no third party should ever be able to know anything about you unless you consent. This consent can be both express and implied. For example, if someone manages to record me in public, then they’re entitled to that. But if I’m in my own house, with the curtains closed and the door locked; then I don’t believe any third party should be able to enter my house unless it’s on my terms.

  • I’ve heard the “if you’re not doing anything illegal, you shouldn’t be so worried about devices spying on you” spiel one too many times.

WHAT I LIKE ABOUT QUBES OS

  • I like being able to “distro-hop” without having to wipe my SSDs to try a new distro.
  • I wanted to find a way to use an absolute beast of a work laptop for personal use without compromising the work stuff. Our work machines are incredibly beefy, and I would hate for all that raw power to be wasted on just admin…

WHAT I WANT TO DO

  • Assist in getting Qubes OS running on ARM, allowing ports to M1 Macs, Raspberry Pis, Smartphones, etc.
  • Assist in tweaking Qubes OS for use with touchscreens and stylus pens.
  • Assist in the documentation, auto-setup, OEM install/setup, and ease of use of Qubes OS.
  • Set up some dedicated machines of different models that would be able to be remotely controlled by the Qubes devs to test their code on.
  • Find a way to show the general public that security doesn’t necessarily mean compromise, and that Qubes OS is the best solution so far.
  • Assist in any other way I can

3 Likes

I live in the dystopian states of america in 2022. I reside in the authoritarian state of texas. I am not a fascist. I am not completely ignorant or oblivious. Enuff said?

I was looking for a hardware/software combination that would allow a reasonable level of online privacy/security without breaking the bank and with a good level of community support.

First thing: multitasking to the max!
The exact time I’m writing this post I’m working in an office in one domain, which has microphone and camera connected and in other domains I chat with friends on Discord, Element.io, Signal and on Slack.
All that’s completely separated and I need not to worry about exfiltration of my work data in case something bad happened.

I also utilize Qubes-specific goodies such as split-gpg for additional security and… easier backups. It’s like using a smart-card I can copy to my backup drive any time I want.

Security is crucial to me as I store valuable assets on this laptop and am worried that someone might want to steal that data. Though I’m not worried about three-letter agencies since they could get me anyway if they wanted to - after all I’ve signed in here with my official name and everyone knows who I am and where I work.

It’s also an opportunity for me to learn more about the system’s quirks, and maybe some time I will become a template developer and finally understand how to build my own templates and the ‘drivers’ for them for a seamless integration.
Also, I found out the Community Docs lacking some things that were important for me and I’m motivated to write useful information and improve them.

I can also voluntarily do silly things like visiting sites with Internet Explorer 11 and not worry about malware at all. Or play Game Maker games in an offline domain without them phoning home.

2 Likes