ฝัง
- เผยแพร่เมื่อ 31 พ.ค. 2024
- The Release Candidate of Qubes 4.2.0 has reached RC3 status and so I wanted to take an early look at it and checkout what some of the new features are. More importantly in the last several years the Qubes development group have made some astonishing promises of new things they wanted to implement in Qubes, and it appears to me from this RC release they are delivering on that promise.
So check it out and see what this team is doing to try and help us to do what the Intelligence Communities have been doing for decades, which is to compartmentalize our data so that a breach is not a winner take all, instead its limited to the exposure of the data in a particular compartment. Making it very difficult to gain a full picture of you and your digital life.
Chapter
00:00 - Start
00:40 - Qubes you Say
01:23 - Architecture of Qubes
02:01 - GuiVM
02:22 - Templates
03:04 - AppVM
03:50 - Disposible VMs
04:57 - Device Isolation
06:01 - network VM
06:19 - Firewalls
06:56 - Levels of Trust
07:17 - UI Trust
07:48 - AppVM
09:03 - The Nature of Qubes OS
09:23 - Unified Desktop
11:05 - Disposable VMs
11:31 - Device Isolation
12:12 - Marker 17
12:39 - User Documentation
13:59 - Unified grub.conf
14:45 - Couple of things
15:19 - Final Thoughts
16:49 - A Few Issues
20:32 - My Sponsors
20:42 - Outro
Gear I used to make these videos
Hardware
Mac Mini M1 - amzn.to/3NDQj9F
Lenovo Thinkpad X1 Extreme (Daily Driver Linux) - amzn.to/3PkSYpK
AMD Rysen Machine (Currently Unplugged)
Khadas VIM 3 - amzn.to/3NjJmt3
NVIDIA Jetson Orin Nano - amzn.to/3NcLpyZ
Odroid N2+
Raspberry Pi 4
Intel Nuc 10 - amzn.to/46e6l15
Intel Nuc 12 - amzn.to/3NCYxPj
Network
Aruba Instant On 1930 24-Port Gb Ethernet - amzn.to/46e6l15
Video Equipment
Panasonic GH6 Camera - amzn.to/3PoUKX1
Panasonic GH4 Camera
Blackmagic Design ATEM Extreme Pro ISO - amzn.to/3Pkma08
Blackmagic Design Hyperdeck Studio HD Mini - amzn.to/42JY5mt
Blackmagic Design Hyperdeck Shuttle - amzn.to/42Tdzoi
Blackmagic Design Cloud Pod - amzn.to/3qW14va
Audio Equipment
Shure SM7b - amzn.to/3qQ7Qm7
Universal Volt 276 - amzn.to/3Nfe9He
Software
Rogue Amoeba Audio Hijack 3
Rogue Ameoba Loopback
Blackmagic Design Davinci Studio 18 - amzn.to/43ZjPMm
Support me on Patreon: / djware
Follow me:
Twitter @djware55
Facebook: / don.ware.7758
Gitlab: gitlab.com/djware27
#qubes #compartment #security - วิทยาศาสตร์และเทคโนโลยี
![[4K] TREASURE(트레저) “KING KONG” Band LIVE Concert 킹콩은 라이브를 찢어🦍 [it’s KPOP LIVE 잇츠라이브]](http://i.ytimg.com/vi/p8bLLOxPDD8/mqdefault.jpg)
Hey DJ Ware, just want to give a huge thank you for making your content the way you do. I really appreciate your well developed explainations; they make it much easier for peeps like me to get a good understanding of what is being covered. Love the content, as always.
Thank you @alec1575 I appreciate that!
I first heard of Qubes way back when it was in beta, before the 1.0 release. Back then, my main machine wasn't powerful enough for Qubes, so I couldn't try it. Nowadays, I don't really have the time to learn it, but it's definitely on my list.
I remember when I first heard of Qubes, I was instantly enamoured with the idea, it was IMO the ONLY sensibly secure system. At the time it was basically impossible to run comfortably... Nowadays with how cheap AMD made to have an abundance of cores, and the ever rolling wheel of time brought the price of memory down, as soon as my laptop kicks its boots and I have to get another one, I'll dive head first into Qubes.
6:30 - firewall is useful if you want to also have a dedicated vpn connection VM. In case the VPN service is down or not connected - the firewall rule prevents other vms that connect via a vpn vm accessing the network without vpn being active by not allowing any connections other than through your vpn ip(s). There are other ways to achieve this, but this one is simple, works for all downstream workflows, and most importantly does not require any additional software installation as it doesn't care which vpn service and protocol you use.
Sounds great. Still using 4.0 but looking forward to this release!!
I agree with you!
Thx mate for an actually good overview of how it works. It’s intriguing and now on my to do list to have a look.
Thank you, great information.
Most Welcome
Thanks for the video, been running for a while.
If I may, I would like to suggest you to do a video about the relevance (or not) of the firewalls these days.
if i could create a windows 10 Qube to play games on, like GTA, Call of Duty, Fortnite, etc.. i would probably use Qubes then.
when i download a games, they have full access to my entire computer, and the anti-Cheats are kernel level drivers scanning everything i have on my computer. i hate that. also games can have RCE exploits, and control your entire PC. i think Qubes is a very cool idea, i think it actually is the future, but seriously.... we need gaming support, win10 Qubes with full performance. until that happens, i wont be using Qubes, ill just use a 2nd Computer for games.
I do wish they had someone dedicated to make official documentation guides when issues are resolved in the forums as there can be multiple threads on the same subject and pieces of the info you want may be split across those threads. I also wish some of the questions that come up ALL the time like setting up VPNs should just be made into easy to function GUIs.
This actually seems like something that I would want: I'm a heavy runner of virtual machines, virtual box, qemu and sometimes docker. I have to ponder the programming aspect also though.
I've tried Qubes, but I need to add more memory before I can really take advantage of it.
I have the feeling, that you can do exactly the same, if you move your apps to KVM VMs or Virtualbox VMs. You can have completely isolated VMs for some apps, you can destroy a VM after usage and you can have templates for different OSes by using cloning. If required, you can use TPM and secure boot for the VM. I use a setup with 6 VMs, 4 Linux VMs: one for all communication apps; one exclusively for banking; one for multimedia and one for experiments. Two Windows VMs are; Windows XP Home as my jukebox and Windows 11 Pro, I might need it some day :)
I run it easily on the 2nd slowest Ryzen ever, the Ryzen 3 2200G with 16GB DDR4. These VMs run from a 512GB nvme-SSD (3400/2300MB/s). The file system is OpenZFS and its storage and caches are lz4 compressed. Typical boot times; Xubuntu 22.04 LTS (4 cores) ~7 seconds :) Ubuntu 16.04 ESM (4 cores) ~11 seconds and Windows XP Home (1 core) ~25 seconds :(
Note that I use exactly the same VMs on desktop and laptop, so at home and on the road I have exactly the same environment.
Qubes isn't exactly the same as running a bunch of VMs. I mean, it sort of is, but not exactly. Among other things, Qubes' concept of zones doesn't really exist with traditional VMs.
Qubes tries to do limited integration.
Greetings from Colombia, nice to meet you my name is Eisenhower, I am engineer Software
Nice to meet you @eisenhower.guzman5880
For some inexplicable reason, I was unable to initiate the installer on a system with a Threadripper processor and an AMD GPU, despite attempting two different USB drives and two different tools to create the bootable USB. I encountered a blank screen when starting the USB ISO. It appears that Qubes OS is somewhat selective when it comes to compatible hardware.
Check their documents on UEFI Boot and make sure Secure Boot isn't enabled, that caused a similar problem for me, don't know if that is your issue or not, let me know
You should take a look at spectrum-os
I'll take a look at it
I was just thinking that Nix would be a great companion to Qubes. Since Qubes is effectively a library OS, it should support unikernels defined in Nix configs.
Is this practical, @CyberGizmo?
Hey DJ,
Is there a specific laptop you like using with Qubes?
question? can i use qube as a live os like tails ? meaning booting it on whatever wherever pc/laptop whenever i need to go online ? and will it wipe out everything each boot never store nothing like tails ? thank you
Nope, but you can create anonymous qubes that will wipe out all data on them when you are done with them (power off). Qubes is very different from Tails
@@CyberGizmo thank you brother. so basically Qubes needs to be default and tails can be live ? also making anonymous qubes wouldnt leave nothing at all ? your HD would not be touch only you r Memory basically ?
This would be interesting with Nix and POP! OS vms. Nix allows further granulation to the packages and venv environments through home manager NIX.
If I may, 2 questions.
1. What about a heads/tails vm as an alternative or even a combined output/input resource vm?
2. What about an IPFS vm storage solution to 'nas' the vms and also transactional API access?
what is the best PC to build just meant for Qubes OS? AMD? also gaming on Qubes, with windows 10/11 Qubes.
We have pci passthrough in qubes now... does that include AMD graphics cards?
Dunno, you can always try it, you can optionally install qubes with a 6.4 kernel
It's not unusual that I need to connect to my workstation from another computer using SSH. Does that work okay with Qubes?
You mean to another question or outside to another computer? Outside to computer yes, to another qube could be a security risk esp if different color
@@CyberGizmo Only from my OpenBSD servers. If I'm at a remote location, I probably don't need to connect to the workstation and if I do, it is by jumping through the bastion server to get there.
The bastion server only permits connections to certain selected accounts and then only with either two SSH keys (one ED25519 key and one 4096 bit RSA key) or one SSH key and the password for the account. All passwords on the servers are at least 20 characters long and usually 40 or more characters. And no two are the same. For console logins, I generally use S/KEY because the passwords are so much simpler with S/KEY.
Another question is whether Qubes OS handles IPv6 well?
For what it's worth, I ordered 32 Gigabytes of memory last night for my workstation. It should be delivered by Friday.
I generally do encrypted backups with borg twice a day and copy the new borg files to ProtonDrive every few days. I've been doing it like this so long that I can generally meet my goal of being able to shut down the workstation, install from scratch a different OS or a different version of the current OS, restore the data files, and be back up and running within an hour. Of course, installing the various packages I generally use can take a day or two. It may take some doing to get this to go so smoothly on Qubes.
I'd love to install Qubes on my newest laptop which is an HP. It has the memory, but it seems to refuse most OS systems I've tried. I've tried installing Ubuntu and SuSE but it refused both of them. I finallyh got it to take Red Hat.
@@CyberGizmo As it turns out, it doesn't matter. I couldn't get Qubes to boot on it. Looking at the hardware compatibility chart, I see that some computers from that company are compatible, but the one I have is not shown as compatible.
So I decided to go back to OpenSUSE 15.5. I had been using the 15.5 Alpha. 15.5 doesn't seem to want users to be able to run batch jobs or cron jobs on it. I use batch jobs quite often, especially for the twice daily borg backups.
I wonder if other versions of LInux are against batch files and cron jobs.
I'm tempted to abandon Linux and go back to 100% OpenBSD (OpenBSD 7.4 was released today). It seems more natural to configure the system by manually editing the configuration files anyway.
DJ can you talk about Wasm and what these guys are trying to accomplish?
Actually i'm fine with firejail of the browser
Nothing wrong with firejail
Department of defence? Can you talk about, explain some secret :-)
I don't look good in orange
Q: Does Qubes OS 4.2.0 RC3 run on ARM personal communicators?
sadly, no, it supports 64-bit Intel or AMD only at this time
Until it fully supports GPUs with good performance it isn’t really interesting to me. Too many caveats to use a GPU last I checked.
There is a video playing a videogame on Qubes OS, it plays at less than 1 fps
Forums are a poor way to spread info, they are filled with fluff and stuff. Time wasters. I know we are all pressed for time, but if one user contacts you, a hundred have the same issue.
I remember someone long ago posted a standard flow of responses from a forum post, usually you end up with recommendations that don't work, people telling you are doing it wrong, a few you wonder why you are doing it that way...on and on.