On Sunday, January 27, 2019 at 12:22:03 PM UTC-5, unman wrote:
> Qubes provides a framework for using software - it doesn't take away the
> onus on users to use that software properly, and to ensure they are aware
> of good practice.  (As an aside I'm always baffled by people querying
> how they can use Facebook under Tor or Whonix. What are they thinking?)
> I regularly audit templates with tripwire, running from an
> offline OpenBSD qube, and do standards checks with debsums. I do a good
> deal of my work offline in OpenBSD and then transfer encrypted in to
> other qubes for transmission. That seems like overkill, and isn't for
> everyone: it might be for you.
> unman

I think this is the most important thing you wrote. I used to do network 
security for a small scientific government network back in the 1990s, and I 
constantly ran into the problem that there is an inverse relationship between 
security and usability.  The scientists on my network were constantly finding 
ways of going around whatever security measures I put in place precisely 
because they didn't want to deal with the "hassle."   

But I'm no different, really.  Not too many years ago, I routinely disabled 
SELinux when I installed a new OS simply because I considered it too much of a 
hassle to learn how to use it effectively.  It made it difficult for me to do 
stuff.  Everybody yelled at me, but it just wasn't worth the effort to me. Now, 
I've learned it a bit and it's not such a hassle.

There's this balance between the inconvenience/damage associated with an 
intrusion versus the inconvenience associated with the security configuration.  
For me on the computer I'm using as I write this, it wouldn't be the end of the 
world if *everything* on my computer were owned by someone else.  It would be a 
hassle, but not fatal -- I have insurance, etc. for the financial information I 
have here, and I don't really care if someone sees the email conversations I 
have on this machine.

So, considering the financial stuff, for instance.  There's a hassle with 
someone getting my credit card information.  It's happened (though not because 
of a computer glitch).  My card gets frozen, I can't use it for a week or two, 
I have to make a bunch of phone calls, etc.  But I'm financially protected and 
eventually I'll be fine.  The problem is the hassle factor, not financial ruin. 
My biggest security concern is someone using up all my bandwidth; I live in a 
rural area and have metered service.  Someone using up 5 gigs of bandwidth is 
more concerning to me than them owning 5 gigs of data from my machine. So, I 
have to ask myself, which is more hassle -- dealing with the intrusion, or 
dealing with the security hassle?

It's my responsibility to determine where that balance is, and nobody else's.  
And it's likely different for everybody.  For instance, I used to have a blog, 
but I'm a litigation consultant and I started seeing my blog posts turning up 
in court.  So I don't blog any more. I can't be on Facebook, or LinkedIn, or 
Doximity, or ResearchGate.  That's not a problem for me, but it would drive my 
wife crazy.  I use one laptop for some stuff, and I use a different laptop, 
differently configured, for other stuff.

And, the higher up the food chain you go with respect to people interested in 
surveilling you, the less chance you have of keeping them out.  I'm out of the 
business now, but back in the day I occasionally did some classified work. I 
remember some years ago, I called a friend of mine who worked for the 
government.  I called him using the work phone of an acquaintance to ask him a 
technical question.  He picked up the phone and immediately said "Hey, Bill, 
how you doing?"

I was stunned. I asked him how the hell he knew it was me.  He said "Bill, I'm 
with the <government agency>.  We always know where you are."

I have another friend who spent his early career working for a government 
contractor.  His job was to break into people's houses at night and install 
keyloggers on their computers. With a subpoena, of course.  All the security 
software in the world won't help you with that.

The key, for me, is to achieve the maximum security that I can achieve and stay 
below my maximum hassle tolerance.  Qubes is nice because it adds a big uptick 
in transparent security with only a small uptick in hassle -- at least for 
someone who is fairly conversant with sysadmin stuff.  So for me it's a big 
win. But it's not all there is.

There's no such thing as perfect security.  There's only finding the balance 
between one's perceived risk, one's actual vulnerability, and one's tolerance 
for hassle.  And any security configuration is self-defeating if:

1) People take it for granted and think that it's all they have to think about, 
2) It's enough of a hassle that you start going around it to do your work.

