undefined | Better HN

0 pointsfsflover2y ago0 comments

Snowden is using and recommending Qubes [0]. Only 25% of Xen bugs on average affect Qubes [1] and never lead to escapes. What is restrictive about Qubes? I do everything I need on it.

[0] https://twitter.com/Snowden/status/781493632293605376

[1] https://www.qubes-os.org/security/xsa/

0 comments

effie2y ago

Don't do things just because twitter persona says so. Is there an independent security audit of Qubes that checks its factual capabilities in security?

> Never lead to escapes

Escape is the highest form of security failure. I'm talking about data access and exfiltration.

Do you store all your important data on a VM with no internet access? Even Qubes users don't, it's hard to work with. Then it's Firefox/ kernel bug away from being accessed remotely.

XSAs are publicly known vulnerabilities discovered by someone who wanted to make it public and later were published by the Xen developers. There very probably are publicly unknown vulnerabilities, both in HW and Xen, discovered/created by people who want to profit from exploiting them. There are whole teams focused on this kind of work, payed by states and criminal-enablers like NSO.

> What is restrictive about Qubes?

No GPU acceleration for video in a VM, legacy OS on dom0. Xen development in support of modern CPUs has fallen behind, didn't even boot on modern Zen X570 platform last time I tried, dysfunctional nested virtualization, using KVM from Linux does not work, can't run Android Studio with phone emulator.

fsfloverOP2y ago

> twitter persona

Did you just call Snowden a "twitter persona"? You're not serious. Not sure if I should reply further after that.

> Do you store all your important data on a VM with no internet access? Even Qubes users don't

Yes, I do. And I'm a Qubes user. There are many more users like me on their forums. This is much more convenient than you think: you can easily and securely copy/paste passwords wherever needed.

effie2y ago

I am serious. He is famous for leaking interesting US gov documents and running away, but then he's become a celebrity who talks and writes on the internet. What computer security work is Snowden known for that makes him an authority on computer security? If let's say Kevin Mitnick said Qubes is a solid product for data protection it would be interesting; Snowden, not much.

What about that audit?

If you keep all your important data off internet, that's good for you, and Qubes helps.

j / k navigate · click thread line to collapse

0 comments

effie2y ago

Don't do things just because twitter persona says so. Is there an independent security audit of Qubes that checks its factual capabilities in security?

> Never lead to escapes

Escape is the highest form of security failure. I'm talking about data access and exfiltration.

Do you store all your important data on a VM with no internet access? Even Qubes users don't, it's hard to work with. Then it's Firefox/ kernel bug away from being accessed remotely.

> What is restrictive about Qubes?

fsfloverOP2y ago

> twitter persona

Did you just call Snowden a "twitter persona"? You're not serious. Not sure if I should reply further after that.

> Do you store all your important data on a VM with no internet access? Even Qubes users don't

Yes, I do. And I'm a Qubes user. There are many more users like me on their forums. This is much more convenient than you think: you can easily and securely copy/paste passwords wherever needed.

effie2y ago

What about that audit?

If you keep all your important data off internet, that's good for you, and Qubes helps.

j / k navigate · click thread line to collapse