Links 24/7/2017: Linux 4.13 RC2, Mesa 17.2 RC1, Akademy Coverage

CERT-LatestNews ThreatsActivists ThreatsCybercrime ThreatsStrategic

All in all, the Qubes OS team did an awesome job on integrating all this things so far. The security of the App VMs is not better than the security of the corresponding Template operating systems. However, if a App VM gets an issue, it does not affect the others. If you plan to do weird things, you can use a disposable VM where all changes gets discarded afterwards. It is very easy for anybody to create App VMs without network for example. And this is something I would like to use ever since I stumbled over Firejail which provides app-specific sandboxing.

In general, the documentation of Cubes OS is awesome. I learned a lot and I had to. Cubes OS is nothing to set-up by aunt Martha. You have to have deeper technical understanding to set-up the system. Afterwards, anyone is able to use it with a short introduction to the basic guidelines.

Of course, I found some usability issues and some bugs here or there. But overall, Cubes OS is a valid option for a security purist or a privacy-aware person.

When Qubes OS meets my personal requirements, it complicates things though. For example the file server/client architecture adds complexity you don’t have to maintain within a personal computer.

Accessing USB devices, network printers and so forth is cumbersome as well.

You have to set your priorities. ;-)

Will I install it on my notebook or desktop and use it on a daily basis? My notebook would be cool since it is in potential harmful environments such as WiFi networks I don’t control. On the other side, I do need USB flash drive access with good usability and need to connect to projectors.

My home server/computer runs 24/7 and could profit from Cubes OS since I got many different things running on this machine. I could separate those domains. Working in offline VMs with applications that don’t need network is also a very nice thing to have. The USB flash drive thing is also a big thing here. Restricting to LAN access only would be fine. System crash resulting in an encrypted system that does not boot any more is a no go.

Well, I am not convinced yet. Probably I stick to Debian 9 or I do find the urge to come around the issues and find a Qubes OS setup which serves me well.

http://techrights.org/2017/07/24/akademy-coverage/

Tagged