-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Jul 04, 2016 at 10:46:52PM -0700, juris...@gmail.com wrote:
> 1) Qubes is a system for security and isolation. But when you install, you 
> have no encryption options.

Full disk encryption is enabled in the default installation option.

> 2) Qubes faces 2 problems nowadays in engaging new users with real security.
> 
> a) Qubes is a system for HIGH END computers with lots of RAM. Usually it's for 
> people that have WINDOWS and GAMES also, a good GPU, and won't waste their 
> machine on a UNIQUE Linux system, at least not without dual boot. 
> 
> b) Nvidia spies on people, with their streaming @!^@^% they put in new GPUs, 
> network, etc., and people are suspicious of AMD too. But most consumers are 
> Nvidia's. Nvidia now spies at the hardware level. The system security does not 
> matter. 
> 
> The solution? REAL Windows virtualization with GPU PASSTHROUGH. So, the high 
> end computers can use Windows for what they need and even play games. Plus, 
> if you do use Nvidia in dom0, they WILL capture the screen at the hardware 
> level. Nouveau has not been working right for a long time. Onboard or GPU 1 for 
> dom0 and a high end Nvidia or AMD for the Windows VM. If the person doesn't have 2 
> monitors, they can switch the VGA adapter from one to the other to use Windows 
> after starting the VM. That would be perfect.
> 
> So we give the finger to Nvidia and the driver problems they cause, and we 
> isolate their spying inside the Windows VM, plus eliminating the need for a dual 
> boot and for everyone not using their gaming GPUs.

This was discussed many times, so search the archive for a more detailed
answer. In short: the GPU will always be able to see the screen content -
this is what a GPU does. Having GPU passthrough done securely (for example
without increasing the dom0 attack surface by launching qemu there) is quite
hard because GPUs use a lot of non-standard tricks and hacks in addition
to standard PCI operation.

Implementing this is on our roadmap, but it is hard and will take time.

> So, XEN is not good for that? Consider switching to KVM.

This is exactly what would expose dom0 ("host") to a huge attack
surface from qemu...

> 3) Consider offering pfSense as an optional firewall VM installed out of the 
> box. It's very hard and time consuming to do that inside the Qubes system without 
> studying it all, for managing the internal IP structure etc. It is the most perfect 
> firewall for use inside a VM, Qubes is a system for VMs, and I did use it 
> even inside Windows in VirtualBox. But I was in WINDOWS, and that means no 
> real security at all.

Feel free to send patches...

> I would also like to give 2 more suggestions for people to consider, 
> concerning Whonix, since Patrick is a developer here:
> 
> 4) People need a pop-up window to explain to them to NEVER use an existing 
> normal VM through the Whonix proxy VM, just NEW ONES. Because they already 
> have fingerprints, identifiers, browser behavior, browser plugin 
> identification, application updates, especially in Windows. If they connect 
> that with a once-used real WAN IP, game over for anonymity.

It depends on the use case - you may want to use Tor not only for anonymity,
but also just to hide your traffic from your local ISP (public wifi
etc). In that case it's fine to use existing VMs.

But yes, for anonymity new VMs should be used. I think this is already
covered in the Whonix documentation.

> 5) I will use this post to state that Tor behaves differently when connecting 
> from the Windows Tor Browser, or the Linux Tor Browser, compared to Whonix, and I 
> don't know why. Whonix always gets the same speed, 250 to 500 Kbps (not KBps), 
> with download speeds of 30 to 60 kB/s, and in Tor Browser outside Whonix, I get 
> 500 to 1 Mb kB/s downloads. That's really strange and wasn't expected. I have 
> seen this behavior for almost 2 years, and I don't have the expertise to know why. 
> After some googling, I saw I am not the only one getting different special 
> routes in Tor using Whonix.

Strange, I haven't noticed such effect.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXe3NFAAoJENuP0xzK19csiAMH/1gfCmbwIyfMh4TfvbmWADsE
05rB9xXivGvDRCAddAB08LuycAzZxA4mPggrhlR4aaunbwupDUJGwU0sNBHmLTHy
djpPunx3NRqJCPHQe8p5oqHBLpwGivld+p1mgZnfkl3O1LRzNRCGHG8EB708b+SX
o0gmPdOvXvVdzQeKBMhzENUqgtY2uaGl7FZosP9KJsQdpwdFDrawS26q3RDBppvf
uIj5gl5k9CzSU9nswCsGuW+F6NrJ/3itp2ueRiF8K+RSjUeAXwXEJHgtaICjad46
DNyuM6rWe3rAJQUYf+lf3RXzk10qZ13DTWR4Gf3S+y1y/sAoZAQyhKg/hTdFUwE=
=tuBS
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160705084344.GL4609%40mail-itl.