On Friday, March 10, 2017 at 1:14:47 AM UTC-5, Drew White wrote: > On Friday, 10 March 2017 15:36:49 UTC+11, cooloutac wrote: > > My problem with Qubes is that i'm still noob. I don't even know what alot > > of system processes are or what they do. Qubes is more complicated then a > > normal os even just to monitor network traffic. I'm mostly in the dark > > compared to on bare metal os. > > > > I know more about qubes than the developers do by now. > monitoring is easy, just have a proxy that does it after the netvm. > NetVM -> Firewall/Proxy running WireShark or similar -> AppVM/HVM > > > > I'm basically at mercy of a default setup lol. But I think thats part of > > qubes goal. It has the misnomer of being called for nerds or enthusiasts. > > But its really for noobs. The hard part is just taking a step in these > > waters of a new world, even for most security experts. > > > > I wrote my own applications for qubes because the developers wouldn't fix > things and didn't change things to use less RAM. > I wrote my own manager that uses only 200 MB VRAM, instead of the current one > that uses over 1 GB VRAM. (Approximations) > > Qubes is built for end users, not nerds or developers or anything (or so they > claimed, will post reference later). > > > The hard part is just accepting the fact you will be compartmentalizing > > diff aspects of your daily activity on your pc. Its a different way of > > thinking. > > > > it is a different way for many people. Those of us that are like me, and are > developers and such, we use virtualisation every day just to do our jobs. > > > > Its about accepting the fact you are never 100% secure and its just a > > matter of how persistent your assailant is. No matter what OS you are > > using. Everyone gets compromised imo, even most security experts. The only > > people that don't are people that use their computers like monks. All we > > can do most of the time is mitigate it. > > Accept you aren't secure. Accept that you are compromised. Then try your best > to prevent things from going wrong. > > It's always good to prevent what you can. > > I have a way of doing things that permits me to protect myself up the wahzoo. > > More advanced than the way qubes initially did it. > It involves me doing different things with the iptables rules, but it's > workable. > > I've done things and tested things, even the vulnerabilities that they say > there are that makes qubes super duper easy to break, and mine hasn't broken > or had that vulnerability. > > Default setups, they can cause issues. > SystemD, issues. > > Hopefully one day, things will be back to being better, but until then, we > just have to try to protect ourselves as best as we can. What else can we do > when people like Google and Microsoft and all those others are trying to > steal your data and take over your life and your pc and everything about you, > then sell your data to the everyone....
true. Why not just use wireshark in sys-net, since its considered unsafe anyways? The problem for me is identifying what vm and what process is causing the traffic. To use baremetal methods on every vm is impractical. I still never figured out how to make the firewall scripts to control everything outgoing. I still don't even believe its possible for some system processes. Sure i've made iptables rules file on baremetal linux no probs. But I have to be honest, with Qubes its too complicated for me. another issue for is monitoring hdd activity in similar manner. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/05b01d4e-c901-4f9e-aef5-bdc52e947476%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
