On Tuesday, March 6, 2018 at 7:19:05 AM UTC+1, Tim W wrote:
> On Tuesday, March 6, 2018 at 12:23:10 AM UTC-5, Yuraeitha wrote:
> > On Tuesday, March 6, 2018 at 5:24:50 AM UTC+1, sevas wrote:
> > > Thank you both for this enlightening talk, and especially Yuraeitha for 
> > > such a lengthy researched opinion!
> > > 
> > > We speak of stability. Stability and vulnerability go hand in hand, dont 
> > > they?
> > > 
> > > I love the kde plasma desktop and I would like to have it. But it looks 
> > > like a complicated GUI that probably is not as secure as something more 
> > > simple. But again, the non-root GUI is not going to connect to the 
> > > internet. 
> > > 
> > > My previous feelings were to use one template for internet access and one 
> > > for background/desktop/personal use. But that may not be needed since 
> > > applications available in a template are not necessarily used in the 
> > > appVM. Is that correct or would there be some data leak?
> > > 
> > > XFCE is something I havent used in a long time, but I will surely look 
> > > into my customization techniques before I make a big move.
> > 
> > About the stability going hand in hand with vulnerability, I view it the 
> > same way too, though it's not always the case if it isn't possible to 
> > exploit it, which also isn't always possible too.
> > 
> > Qubes once used KDE btw, you can find the discussion that made the change 
> > from KDE to XFCE5 here https://github.com/QubesOS/qubes-issues/issues/2119
> > Some of these issues I believe have changed though, what is perceived as 
> > "ugly" was back then a bit of an unlucky controversial statement due to 
> > different subjective opinions and it caused a bit of a stir in the KDE 
> > community. But I believe KDE also corrected some of those issues since 
> > then? 
> > 
> > It's a good idea to keep your critical offline app's and data in an offline 
> > VM btw, keep doing that. You can also find multiple of official Qubes 
> > recommendations suggesting this offline AppVM move. For example the Split 
> > GPG guide in the Qubes doc's recommend this approach in order to keep your 
> > GPG keys more secure from being hacked. For example if only one application 
> > makes an outgoing opening in the firewall in the AppVM, then data in that 
> > AppVM might be opened to risk through exploits and attacks to that 
> > established connection. I have about 15-17 AppVM's which I use, not 
> > including the ones I don't use or templates, and I'm probably a light AppVM 
> > user compared to the more extreme ones. If it seems overwhelming though, 
> > try start with a set smaller number of VM's, then as you get used to it, 
> > try expand with a couple of VM's at a time. Think about what it adds to 
> > security or practical use-cases, and keep reviewing your VM layout :)
> > 
> > I believe there should be no issue switching between XFCE4 and KDE though, 
> > since the guide to KDE doesn't mention deleting XFCE4, just disabling it 
> > (at least it didn't at the time I read it). So presumably you should be 
> > able to switch between them with 2-3 commands in the tty terminal. You 
> > mihgt want to double-check that though, for example can you keep switching 
> > between them multiple of times without causing any harm to the system?
> 
> Correct.  I have had both on and functioned fine.
> 
> For secuirty I see little difference other than maybe the amount of code.  
> The more code ,all things being equal, the more possible holes errors surface 
> area to attack.

The strength of Qubes is that it takes resourceful and skilled attackers to get 
through, and maybe some social engineering to boot. It's not as straight 
forward as exploiting fedora seems to be. If something like this is "this 
easy", then it's very off-putting and worrisome, because then "anyone" could do 
it, and that to me seems to just undermine "everything". It probably matters 
less for dom0 though, but I'm certainly considering replacing fedora for debian 
on my sys-net, sys-firewall, and other online VM's with critical 
infrastructure, though not jumping to conclusions "just yet" either.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed7cfba3-9ff5-4333-9a86-69c8696baac8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to