Re: [qubes-users] QUBES Friendly Version

2020-05-13 Thread 'Matt Drez' via qubes-users
You use systemd if you use almost any flavor of Linux. The systemd is a process 
that controls so many things on a system that some people joke about it being a 
second operating system on top of the Linux kernel. The "security hazard" part 
comes from the sheer complexity of that code, because it is hard to verify and 
audit the system. 

> Just like the old init scripts used to do, systemd basically controls the 
> startup, initialization, and then manages many daemons behind the scenes. You 
> have to just trust that it is going to do the right thing under any 
> particular circumstance. 
> 

> If a rogue actor changed your configuration it could be difficult to detect 
> in some cases. Gaining a persistent foothold on your system would be a common 
> goal for an adversary and systemd gives them several ways to do that.
> 

> Qubes however uses a read-only system volume so simply adding extra processes 
> to your system is rather difficult to do by using systemd. They really need 
> either dom0 or template access to do this. 

Steve,

Though this topic did not pertain to me, I just wanted to commend you for 
your thoughtful response.

Some IT folks can be absolute jerks many times. When someone has a question 
they respond with a crude, abrupt, uncalled-for attitude. Like: "google it", or 
"use the man pages", or emphasizing that this is just a "basic linux" question. 
I see that here also sometimes and it really gets under my skin. There is one 
specific user doing it often but I won't call out names. All that does is make 
the person not want to ask questions and feel like a complete idiot.

I just honestly want to thank you for taking the time and responding to this 
question in such a positive manner!

Matt

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/M9NcjR-bHKkS2vRFowGZdPlUgQXYD5TvBOMUhNN4XLX5kWX5eIn-EMUgWb9o5n7Yvj-DMHL2ioEIzy26kbmrdoEaNXiVho5uVyCPzY46qBg%3D%40pm.me.




Re: [qubes-users] QUBES Friendly Version

2020-05-13 Thread Steve Coleman
On Wed, May 13, 2020, 6:35 AM Eva Star  wrote:

>
>
>> Personally, I consider systemd both a mistake & a security hazard,
>>
>>
> Can you please share more details about this? Personally, I don't use both
> of them, but want to know.
>

You use systemd if you use almost any flavor of Linux. The systemd is a
process that controls so many things on a system that some people joke
about it being a second operating system on top of the Linux kernel. The
"security hazard" part comes from the sheer complexity of that code,
because it is hard to verify and audit the system.

Just like the old init scripts used to do, systemd basically controls the
startup, initialization, and then manages many daemons behind the scenes.
You have to just trust that it is going to do the right thing under any
particular circumstance.

If a rogue actor changed your configuration it could be difficult to detect
in some cases. Gaining a persistent foothold on your system would be a
common goal for an adversary and systemd gives them several ways to do that.

Qubes however uses a read-only system volume so simply adding extra
processes to your system is rather difficult to do by using systemd. They
really need either dom0 or template access to do this.
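
A baseline comparison is one way to make the configuration changes described above visible. The sketch below is an added example, not part of the original thread: it hashes unit files and drop-ins under a directory (a constructed temporary tree here, standing in for a path such as /etc/systemd/system) and reports what changed since the baseline; `snapshot`, `diff` and `demo` are names chosen for this illustration.

```python
import hashlib
import os
import tempfile

UNIT_SUFFIXES = (".service", ".timer", ".socket", ".path", ".conf")
EXEC_KEYS = ("ExecStart", "ExecStartPre", "ExecStartPost", "ExecStop")

def snapshot(root):
    """Map each unit file or drop-in under root to (sha256, [Exec* lines])."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(UNIT_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            execs = [ln.strip() for ln in data.decode("utf-8", "replace").splitlines()
                     if ln.strip().startswith(EXEC_KEYS)]
            state[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), execs)
    return state

def diff(baseline, current):
    """Return sorted (status, path, exec_lines) for every change since baseline."""
    changes = []
    for path, (digest, execs) in current.items():
        if path not in baseline:
            changes.append(("added", path, execs))
        elif baseline[path][0] != digest:
            changes.append(("modified", path, execs))
    changes += [("removed", p, []) for p in baseline if p not in current]
    return sorted(changes)

def demo():
    """Constructed sample tree: one known unit, then a drop-in and a timer appear."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write("backup.service", "[Service]\nExecStart=/usr/bin/backup\n")
        baseline = snapshot(root)
        # Constructed changes: the unit file itself stays byte-identical, but a
        # drop-in overrides its ExecStart and a new timer unit is added.
        write("backup.service.d/override.conf",
              "[Service]\nExecStart=\nExecStart=/usr/local/bin/placeholder\n")
        write("sync.timer", "[Timer]\nOnBootSec=1min\n")
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    for status, path, execs in demo():
        print(status, path, execs)
```

The drop-in case is the one a check of the main unit file alone would miss: `backup.service` is unchanged, yet its effective `ExecStart` is not.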



Re: [qubes-users] QUBES Friendly Version

2020-05-13 Thread Eva Star


>
> Personally, I consider systemd both a mistake & a security hazard, 
>
>
Can you please share more details about this? Personally, I don't use both 
of them, but want to know.
 



Re: [qubes-users] QUBES Friendly Version

2020-04-28 Thread dhorf-hfref . 4a288f10


and just to shred that last bit of misinformation the other two
responses skipped ... 

On Tue, Apr 28, 2020 at 12:44:38AM +, '[NOTIFICATION]' via qubes-users 
wrote:

> It would be great if you opened up QUBES for worldwide editing and
> audit and development. 

https://github.com/QubesOS/

just go ahead and edit/audit/develop as much as you want...





Re: [qubes-users] QUBES Friendly Version

2020-04-28 Thread taran1s


'[NOTIFICATION]' via qubes-users:
> Do you think QUBES is better than COPPERHEAD or does COPPERHEAD have better 
> features than QUBES?
> 
> It would be great if you opened up QUBES for worldwide editing and audit and 
> development. Or maybe merge with PARROT or TAILS or OPENBSD or WHONIX to 
> further friendly usability for all people instead of making it so complex for 
> hardcore users without compromising its robust secure foundation?
> 
> Reference Source Link: https://copperhead.co/android/
> 

Do you mean the COPPERHEAD the Android project that was previously
developed by Daniel Micay and was stolen from him by his colleague?
Daniel Micay recovered already from the fuck-up and moved on to his new
excellent project GrapheneOS. COPPERHEAD is developer-wise, dead. Check
it please. He is, as far as I know, cooperating with Qubes on an
Android-GrapheneOS template VM.

It is possible to install any of the mentioned OSes like TAILS, or
PARROT in Qubes already. Consider please that the threat model of these
OSes and its usage varies greatly.

Whonix is a default part of the Qubes already. (??)

While Qubes can seem to be complex and hardcore as you mention, it is
necessary to understand just a few basic rules and facts and you are good
to go. Anything else can be found on Qubes docs easily or ask here and
people just help like pros.
