Qubes OS - First Impressions
ฝัง
- เผยแพร่เมื่อ 25 ธ.ค. 2022
- my first impressions of qubes os the reasonably secure operating system
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my TH-cam channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. - วิทยาศาสตร์และเทคโนโลยี
My merch is available on based.win. Save %10 at checkout when you pay in Monero (XMR)
question? can i use qube as a live os like tails ? meaning booting it on whatever wherever pc/laptop whenever i need to go online ? and will it wipe out everything each boot never store nothing like tails ? thank you
@@theoneaboveall6768yes you can use it like tails
@@theoneaboveall6768 As a live OS? No. Theoretically, you could install QubesOS on a USB Flash Drive, but then it won't be a form of persistent media, so it won't forget everything on reboot like it would with Tails (and the performance would really suck).
Finally! An alphabetical upgrade from PubesOS!
The next one will be Rubes, totally unsecured and designed to leak data of any suckers who fall for it. Oldest trick in the book.
Ugh
How did you even come up with that joke.
legendary
@@rustymustard7798 Now that's great! I can hardly wait! 🍟👍🏿
I use Qubes as my daily driver for personal use. It can be a struggle sometimes and I've had to modify my expectations more than once. While I've pondered switching to a standard linux distro, I value what qubes does to much to ever go back. No one does privacy and security as well as Qubes.
What does it have to make it private that other distros dont? I get security but I thought tails (or heads) is far better for privacy. Also can you rice the dom0? The defaults are just horrid looking
@@duckmeat4674 whonix is safer and built in
@@duckmeat4674 whonix qubes built-in for anon browsing and you can have qubes not connected to your network for sensitive tasks.
You can technically rice dom0, but it's not easy, because it would defeat the purpose of keeping dom0 secure. It's designed to have as little software installed as possible to minimize risk. Dom0 is also based on much older versions of Debian or Fedora for stability. So the software you may want to install might not even be available in those repos. It's a trade-off. You can always change the DE. The default is Xfce, but KDE, Gnome, and i3 have also been used.
@@CrittingOut whonix is safer than tails??
@@duckmeat4674 no. Possibility for Keylogger on original OS
Cool that you covered Qubes OS.
I personally know one of the devs (we worked for the same company and saw each other everyday). Had only heard of Qubes in passing before meeting them. They wore a Qubes OS shirt occasionally. One of the most competent programmers I've ever met, and the most competent one at that company, actually cared about good code quality and security.
have you perhaps tried qemu?
I tried it myself a while ago but it seemed a bit to much considering my threat model. As a gamer, virtualization really kills performance. It makes everything a lot more complicated especially networking. Overall it is a pretty solid OS. I went back to arch for simplicity.
Btw, do you use arch?
@@khalvarius I actually do. How did you find out?
@@SniperOwl 💀
YOU SHOULD BE ASHAMED OF YOURSELF!!!! YOU ARE NOT AN ADVOCATE FOR FREEDOM AND OPENNESS LIKE ME!!!!!!!!! I WILL NEVER STOP FIGHTING AGAINST THE OPPRESSIVE GOVERNMENTS WHO WANT TO CONTROL US ALL WITH THEIR BULLSHITS LAWS AND RULES THAT ARE DESIGNED TO KEEP PEOPLE IN LINE SO THEY CAN MAKE MORE MONEY OFF OF THEM. I AM HERE TO HELP OTHERS TO UNDERSTAND HOW IMPORTANT IT IS TO BE FREE FROM THOSE BASTARDS.... WE MUST STAND UP TOGETHER AS ONE OR WE WILL FALL TO THE POWERFUL CORPORATIONS THAT WANT OUR LIVES. WE ARE BETTER THEN THEM BECAUSE WE HAVE HEARTS OF GOLD AND THEY HAVE COLD DEAD BODIES WITHOUT SOULS OR FEELINGS FOR THE HUMANITY THAT IS BEING TORN INTO SHREDS IN THE NAME OF A FEW DOLLARS INSTEAD OF OUR RIGHTS AS A LIVING CREATURE ON EARTH.. IF THIS COUNTRY WASNT SUCH A SHITHOLE IT WOULDN'T MATTER WHAT KIND OF COMPUTER YOU HAVE BUT SINCE THIS IS AMERICA WHERE EVERYONE IS RACIST AND A BIGOT THERE IS NO WAY YOU CAN SURVIVE IN THIS SOCIETY UNLESS YOUR WHITE WHICH MAKES EVERYTHING WORSE FOR YOU WHENEVER SOMETHING GOES WRONG IN YOUR LIFE CAUSE NO ONE CARES FOR BLACK AMERICANS ANYMORE ESPECIALLY IN THE POLICE DEPARTMENT OR THE COURT SYSTEM. IF YOU WERE SMARTER THAT YOU ACTUALLY THINK YOU ARE YOU WILL LEAVE THESE GODFORSAKEN PLACES WITH ALL THE HATERS BEFORE SOMEONE ELSE DOES THE SAME TO YOU WHILE YOU'RE OUT THERE TRYING TO FIND SOMEWHERE SAFE FOR YOUR FAMILY TO CALL HOME AGAIN AFTER HAVING BEEN DISPLACED BY HURRICANE KATRINA AND OTHER NATURAL DISASTERS THE USA HAS HAD OVER THE YEARS. GO BACK TO AFRICA WITH THE REST OF YOUR BROTHERS AND SISTERS AND STAY OUT OF MY BUSINESS UNTILL I HAVE MADE ENOUGH CASH TO GET BACK INTO THE STATES FOR A VISIT TO SEE MY FRIENDS AT GOOGLE HQ IN CALIFORNIA.
Yeah not the os for gaming or media for the most part. More of an os to maintain high level of security, micromanage each section of your pc usage as well as work with digital forensics type stuff.
the most secure os is actually temple os, can't connect to the internet, even usb connecting is more difficult to the average person, that is why it's the most secure one, this is why qubes os only pitching "a reasonably secure operating system" not "the most secure operating system"
Qubes might be great... But it ain't quite as Godly as TempleOS :D lol
So you might ask the question.. What color is your temple?
what good is an os if it cant access the internet?
@@zweitekonto9654 who needs internet when you have god's temple as your os
Ofc it's best, it's protected by HolyC and comes with the faith in Jesus firewall
I've been running Qubes OS since about 2017. Pretty much exclusively on 'GhostPads' (corebooted Thinkpads w/ the IME neutralized). Been selling them for as long. I prefer to compartmentalize tasks like gaming and media streaming to a second system to overcome Qubes limitations in those areas. I favor Dell M6700/M6800 mobile workstations running Xubuntu and the GPU either upgraded to a Tesla M6/Quadro M5000M/980m or a Quadro P3000 makes a great high value Linux Steam gaming and media straming box. I use the qubes box for everything except gaming and media streaming. W520/W530 ThinkPads are my preferred platform for Qubes since they are the generally the most powerful systems that can be corebooted and IME neutralized and they max out at 32gb of ram.
Hey, this is the first I hear about ghostpads. Is there a video of how it works or the process to get the IME neutralized? Thanks!
Where do you sell them?
thanks kenny for the constant quality in your content.
you mean luke?
@@kvykimo ??
@@SmokelessMeme “kenny” is a deepfake of luke smith…
@@SmokelessMeme you need to go back
11:27 “unless it’s able to jump the hypervisor, which if it’s able to jump the hypervisor then everything’s screwed”
🤣👍
VMWare has been under attack quite a lot, (ESXi)
I’m fairly certain we would have seen demos of qubes being expoilted at black hat conferences etc...if it was vulnerable.
Usually with such a secure OS, it’ll be the “user” who makes that mistake which compromises it.
Note, you do need a fairly modern and powerful laptop, or pc to run Qubes.
Nope. Modern hardware tends to not play well with Qubes.
@@plasticstuff69 nor does an i5 650 cpu. Released around 2010, it is so slow with Qubes.
I have run it on systems from 2015 and 2018 and it’s very useable. Both used AMD GPU’s
@@-someone-. What if feds have hardware bypasses
@@rkjj. well, intel has had a hardware backdoor since 2015, and also another pre 2002 CPU’s
It’s like a cpu inside a cpu, ( backdoor in the cpu which allows another instance, totally separate from the main cpu, and also has its own dedicated network!?!)
AFAIK this was mandated on all x86 chips made in the US after 2015. AMD just recently started using a similar system. This is probably a big reason why the chinese have gone so quickly to domestic semiconductor manufacturing and design.
How would we stop thought crime if the NSA had to go get a warrant every time they wanted to search your computer?
Edit: Also a huge reason why Apple is now building its own servers from the ground up, and why apple refuses to merge OS X and iOS. How can you have OS security when your CPU, memory and nic are all under control of whomever has the password to the ME?
Anyway, nothing is truly secure, ...let’s all go back to carrier pigeon🤣👍
Xen has had and continues to have security vulnerabilities.
Hey man, just wanna thank you for showing me and everyone else how to be more privacy-aware and how awesome Linux can be! I use Windows since 3.1 and only now I've finally installed a Linux distro on my SSD. Also switched from Chrome to Firefox with many privacy addons. On Android switched a bunch of apps to FOSS and even installed and configured the TrackerControl app. It's been tough but so worth it!
I would love if you talked more about Android. What apps you think are good to have there and such. Wish a happy New Year and success!
What is your list of Firefox privacy addons? I wanted to migrate from chrome to firefox
@@SlenderHime I highly recommend librewolf. Pretty easy to set up, all the necessary privacy addons and modifications are there, it's updated frequently and it helps that more people use it to have more and more people have the same "profile".
It breaks some websites though, I don't think you can watch netflix with it but I haven't checked in a while. I use it everyday and I had no problem. Also the tor browser, while being slower is also great to use, the more legitimate traffic on tor the better
@@SlenderHime Sorry for the late reply. I use: uBlock Origin (disabled for youtube, I watch at least one 30 sec ad for the youtuber's sake), ClearURLs, Decentraleyes, Disconnect, Cookie AutoDelete, Facebook Container and Privacy Badger. They can all be downloaded straight from the addons page.
You could go guerrilla style and use Librewolf, as mentioned before, or any other privacy enhanced Firefox forks but personally, I wouldn't recommend it. Disabling javascript breaks too many websites I visit.
Fyi, Decentraleyes doesnt do much these days and LocalCDN is a better alternative. Firefox also has built-in cookie autodelete in the settings menu. Plus, having a lot of extensions actually makes you more identifiable for advertisers 😉
This is a great OS concept. I've been using encrypted VirtualBox VM's to simulate this kind of environmental segregation for a long time, but to have this built into the base OS is awesome! I'll be trying out Qubes for sure, thank you!
Absolutely love your content and I really appreciate what you do thx for the content!
Instead of switching devices, one of the things that seems interesting to me is with a framework expansion slot SSD.
I understand that it's slower and it can cause bottlenecking if you're running an eGPU but It seems really compelling to me.
It'd probably be more reasonable to just use any high-speed external SSD as a boot drive rather than going out of your way to get the Framework, as it's really just a fancy enclosure.
If you use something like Core OS, or even run lighter applications, I'm sure the overhead wouldn't be too bad. For something bigger(like a game), you could probably store on the internal drive. It could also act like a fast backup, or be the in-between for downloads (acting like a decoy).
@@tobiaspcactus I don't have a laptop right now in framework. Is the one I'm looking at.
I just mention framework cuz that's kind of where I got the idea because it feels like such a seamless integration.
I have a framework device and did this. I ran Windows off of an expansion slot SSD so that I could use Ableton Live (Music performance software). Nothing else was on the SSD and the computer never connected to the internet. It worked without any noticeable lag and I used it for a live performance. However, it was super unstable, and would blue screen often. It could be because of my setup for Windows (because I removed a huge amount of bloatware, down to the Windows store and calculator app, which may have introduced instability). I believe consistent performance is possible.
Keep in mind the framework ‘storage expansion card’ is just a quick flashdrive. Any laptop with a thunderbolt port and a quick flashdrive could provide similar results. In fact I original ran Windows off the laptop using a SAMSUNG T7 SSD, but swapped to the framework expansion card because the fancy enclosure makes a huge difference when trying to use a laptop like a laptop.
@@larsmurdochkalsta8808 i would advise you to wait if you can for getting a framework, i want to get one to but wait until the chrome os model is really out and see if it can boot other OS's because the chrome os version will have an open sauce bootloader, giving you more control and maybe wait for an 13 gen Intel processor because it probably will have thunderbolt 5 giving you 80 Gb/s instead of "only" 40, useful if you want to use an eGPU,
and if you want one right now, buy the DIY edition, hardly anything needs to be done and you save tons of cash for ram and SSD, that cost way to much on there website. I could build for you to, I guess, and that easily for 100 bucks less that the charge.
I like how you go into the specifics of internal security of an OS and I learned something here... Seems like a Windows computer is like an open highway where anything can talk to anything in and out without an endpoint protection program, which is essentially just a band aid of what a hypervisor or xen approach kind of takes, it's more inclusive and takes it from the top. Definitely seems more secure
Thanks for all the info, tips & review - great stuff.
But, can we give some credit to - "Joanna Rutkowska" - the Polish computer security researcher (THE CREATOR/FOUNDER OF QUBES)
- without which this video would never have been possible.
Everyone on the FBI watchlist switching to Qubes after the Snowden endorsement
You mean everyone watching these Mental Outlaw videos?
The FBI need better hobbies.
@@j.k.4479 the alphabet boys**
Lol there not smart enough to use Qubes
I'm been trying half-heartedly to figure out a way to try this out, but I'm too lazy to dual boot and running Qubes via USB disables several important security features.
Thank you for the fantastic explanation of its concepts.
what kind of features?
@@NoNameAtAll2 I'm not sure if this still the case, but having either USB inputs or running the system on a USB drive prevents the complete isolation of the USB stack from dom0.
The installation brought it up as a huge security issue while running, but please keep in mind this was years ago and may not be the case anymore.
This is the best video explaining CubeOS I have seen so far
This video gave me cozy 90s computer hacking vibes, thank you it made my night
Great info, will have to try it out. Love the segmentation. Thank you sir and MerryChristmas && Happy -NewYear
I got my hands on a couple of old servers recently for cheap, and been playing with Proxmox, I'v used QubesOS in the past but this was giving me ideas on how to set up a few VM's and containers, thanks ^.^
Thank You for Teaching us the Details of these OS's you share!
This is the best Qubes OS tutorial ever! Thank You!
thank you for the video! Very helpful!
QubesOS looks like it's solving the problem of 'everything is shared on a computer' with a brute force method. 'Capability systems' (ocap) seems to have the cleaner approach.
I'm generally glad you are covering this OS. There is not much talk about this operating system out there. Needs be a lot of tutorials and understanding styles of how to actually understand this system.
@Anon Ymous I understand that point of view but for my case I like to make disposable systems and create new ones and have everything separated and not on one system for privacy constraints.
I usually use Arch Linux as my daily use since I like emulation stuff and want to have a gaming experience when I can.
But for QubesOS its very hardware demanding and its best to have a minimum of 32GB of ram and 2TB of storage as a start. Especially when it comes to the virtualization side of things, you would need proper things like IOMMU or whatever that is required for such things like QEMU/KVM.
Now this is actually something I think can be worth trying out. While I don't think that it would be a good use on my main workstation (since I need more speed) I think that it would be perfect for a small traveling laptop that I actually would use on strange and evil networks.
For sure, but make sure it's a decently powerful laptop (1.5k+ price approx) as running these vms is fine on a desktop but can be trickier on laptops due to throttling.
@@SeanSMST most newer laptops today would probably be fine. With small I mean physically small, like 13", not low performance.
Thank you for your work and this video!
It would be nice, if you have the time and patience, to do a tutorial series about QubesOs, from Zero to Hero !
Thank you and keep up the good work!
Qubes is awesome. Two (small) notes:
- Qubes uses linux but since it runs Xen underneath it all and you can replace everything else with other OSes it doesn't count as a linux distro. For example people have replaced the firewall with Mirage and you can run Windows as a qube.
- Fedora packages are more up to date compared to debian. So for the AppVMs that security is a priority, use fedora.
Great video once again. Been using Qubes OS for some years now and gets better with each update. If anyone is looking into a good portable system to run Qubes on, I would highly recommend the Lenovo X230. This laptop ticks many boxes on compatibility for the OS and is just a cool laptop anyway. Make sure the processor has virtualization, and at least 16gb of RAM. I would also recommend you use full disk encryption and HEADS for verifying boot. If you want to be a complete maverick I would go ahead and nute intel ME as well, we do not like the management engine here.
Very interesting operating system. Great video as always!
He estado esperando que hables de Qubes OS por años, amigo!
Thanks for making these informative videos.
much love for that, make more videos about that OS
i've already using QubesOS from 2015, its has been a great journey with it until today.
Qubes is based but it’s pretty buggy, accidentally filled my storage in a storage qube and my whole file system corrupted
@Mark Michon this was over a year ago now and I was too lazy at the time, I just went back to Ubuntu and Tails
Ensure that you have enough free space on your storage qubes to avoid potential problems. When a storage qube becomes full, it can cause issues with the overall system, including file corruption.
@@lolitaras22 This is... really bad. Containers being able to destroy the entire system without any sort of permissions exploit.
@@r0zemary If a volume is resized via Qubes interface may fail silently. If you try the same operation in the dom0 console with "qvm-volume extend" command you'll get "resize2fs: Permission denied to resize filesystem" message. resize2fs will not work, unless fsck is run first. There is a fix in the documentation.
Xen could provide a seamless boot from guest vm and a really robust hardware path through than KVM does
I was using NUCs as all-in-one office solution with different guest OSes (VoIP, LTSP in nbd-mode and pfSense) and I was impressed by reliability of Xen
Now I'm just a proxmox peasant
Poggers new video
Those kinds of solutions never caught up because for the user experience to be sweet and fluid your machine needs to be really a beast, I think that is totally worth it, but not everybody can afford a high end laptop, unfortunately.
PS: Shit! It took only 5 replies for the post to fall prey to the Godwin's law!
What should the age of consent be
@@phoneticalballsack Dude fuck the ancaps lmao, you can't defend the private property without a monopolized police, these guys aren't anarchists
It's intended for a very niche group of people, people that can invest in a pretty powerful laptop to protect their livelihoods and wellbeing like journalists, whistleblowers etc. Qubes is by no means intended for just anyone to use, since that defeats the purpose. If you feel your life is in danger, your only option is qubes os. Otherwise, there's plenty of alternatives like whonix
@@SeanSMST Isn't the purpose of alternative OS is that people SHOULD BE worried about being in danger?
@@phoneticalballsack You are one of those who also think that all collectivists are zoophilic, isn't it?
FINALLY A QUBESOS VID!!
still waiting for the DivestOS vid tho.
Different devices for different concerns is definitely the way to go, at least separating work and personal life. I have one phone for work, one phone for myself, one computer for work, one for myself. The biggest "crossover" between these two is when I use my work phone to call my private phone, because I can't find it.
QubesOS is this but using virtualisation rather than hardware. Which has the advantages. It’s all a trade off.
Is cube os good for tor usage ?
This is so cool... thank you kindly!
Great video, thank you for sharing this!
Genode / Sculpt OS is another system that seems to support VM based isolation. But it's very much a proof of concept thing and not very polished yet. Some people can run Qubes as their daily driver without many issues, but Genode / Sculpt is still a very long way from being end-user friendly. Still a nice concept though and I wish it develops into a usable desktop OS. It's a lot lighter-weight than Qubes.
Mental Outlaw Hi! Did you give a try to the Nouveau driver? Is there any problems recognizing newer cards. I wouldn't know because i no longer have my k2000 and i'm using an AMD card.
This glows hard
no cap (what the fuck is a linus
@@aynvs sauce?
@önus which ones?
OMG I never thought the day would come 😁
How does the Xen hypervisor perform under heavy GPU workloads like playing mid- to high-end games and running hydrodynamic simulations? How does it compare to KVM?
Really the best OS that came in existence. That is crucial for freedom. Tor too.
You should not try to install proprietary drivers. They're unsafe and can jeopardize your OPSEC.
Sorry, but QubesOS is not a gaming platform.
Thanks for sharing, was always curious what QubeOS was but never did research it myself, i dont think i would use it since it doesnt fit my needs its nice to know what it is. Thanks for the well created intro to what QubesOS is and what it does. Its a very impressive system.
Question ❓ if the vault vm isn't connected to any network, how were you able to install KeePassXC??
I'd really like more videos on this os, cause it seems interesting
Interesting. It’s a Meta-OS. I kinda figured this would be the eventual end state of computing
Thanks for the video! I wonder if the same thing done using containers instead of VMs would provide essentially the same security.
Not seem your video but I love Qubes and I plan to move my personal laptop to it, I only hope the community will grow
You can check Subgraph OS as one more solution for same threat model of isolation, but using containers, not full hardware virtualization.
Just a quick note at 6:00. Depending on your threat model you might want to know that disposable VMs in Qubes are not fully amnesic, in the sense that unlike say Tails, there is no guarantee that they will not touch your physical drive. If you want to protect your data locally with Qubes, FDE is the way to go.
What is fde?
@@DoomCatcher Full disk encryption
> If you want to protect your data locally with Qubes, FDE is the way to go.
A few scatter shot thoughts: I think the amnesia of TAILS OS should be named to reflect that it doesn't touch the drive at all -- amnesia seems more like writing and discarding. I haven't used Qubes in a few years, but IIRC then you have a permission system for file systems, so you explicitly allow access before anyway. If you use a disposable VM for some task, when you destroy and recreate it you should not have any impure files in the file system of that machine. I'm not sure I understand how full disk encryption will apply to the security model of Qubes here, as the individual VMs can not access each others memory / processes / filesystem, without explicit access or some unknown 0day hack (which may vary well have been the point of your comment, and if so excuse me)
@A Z That's interesting. Yeah I think Qubes disposable VMs are perfect to protect against malware and that kind of thing. I think the amnesic property of Tails is useful for those who need to defend against say a forensic analysis of a computer's drive. Tails writes everything to RAM exclusively, so when you switch off the computer your data is gone and cannot be recovered by a forensic analysis. Qubes cannot guarantee the same thing. I said FDE is the way to go in that scenario, although there's always the rubber hose method to get your passwords.
@Anon Ymous Dude, chill out. Take a deep breath, have a cup of coffee. Nobody was being aggressive here.
I have been thinking about making the switch. I have been wanting to minimize my digital life being able to manage what devices are connecting to personal/work/school etc and I have been considering the same for my family who are concerned for their personal security. I know I have a lot more to do just on my home network but it is so important. Once I try it out for myself and see what it can do I am probably going to switch all my machines to whonix if it can do pass through for GPUs, network devices, and what not.
Been using Solus for several months now(laptop). Real decent.It;s a rock, like Debian.
this is interesting. haven't heard of qubes os until now. thank you for showing. will you make a video where you explain how to set up such a system?
It’s all starting to click, now, man. Thank you.
Been using it the last few months as a daily driver, but I ran into issues once I tried to make a qube for music production and ended up breaking so much stuff, so I'll probably have to reinstall the whole thing. Wouldn't recommend for music production or gaming. Beyond that, it's good.
Agreed, though I think it's mostly or entirely due to having not a strong enough machine to virtualize Windows inside Qubes to run my propietary music applications (I don't game)
@@mksybr Well I went the route of installing kxstudio on Debian but I got no sound with Cadence or whatever it's called, so I made a specific audio qube to try to get it to work but ended up breaking my templates in the process.
A Windows qube sounds way smarter, but I wonder how little latency you could get (even on good hardware). Did you try installing something like Windows LTSC or Enterprise? Maybe it would run better that way?
@@GhostSamaritan I can't remember many specifics now, but I doubt it was anything other than a Pro version of Windows + Ableton live or FL Studio.
Nice. Thanks. 👍
Me and my homie were watching and I can't help but mention he described you as "THE IT Guy"
for security, how does silverlight do?
very similar fedora vm vibe as qubes
I tried QubeOS years ago but it was so clunky and difficult to get anything done, I just dropped it for a more traditional setup that has been hardened. If I ever want to do something super secure, I just use libvirt to setup a machine and configure the appropriate measures in place ad-hoc.
If the vault isnt connected to the network, how were you able to install keypass through the vault terminal?
Great vid as always! However I didn't understand how can you "sudo apt install" something inside of a vault if it's not connected to a net-vm according to the scheme.
And also, how is this OS updated?
I'm yet to find a way to emulate Qubes' virtual networking capabilities as well in VirtualBox and the like. It's so cool having separate VPN qubes with minimal overhead.
I'm sure its been done with KVM, maybe not Qubes and Xen given their security measures. If you really needed an Nvidia card for something, would it be possible to have an AMD card for the main system and just pass the Nvidia card to whatever VM needs it?
How important is your choice of hardware to ensure that Qubes OS is as secure as possible, if you take into consideration the risks associated with binary blobs in drivers and firmware?
yup - just OPintell and you'll find that since 2007 intel have had them on MB's (Intel ME Engine - reports home even when PC is off) and since 2012 on AMD CPUs (MSM - same thing) - different time status due to locale of fabs
@@SomeOne-mo7uw what should someone use instead?
@@DoomCatcher rpi
most hardware is run either from its own qubes, or from dom0 - if a vulnerability in hardware can be exploited from within a VM and compromise dom0 (which would be a trick and a half), you're pretty fucked, but if it's from its own qube, you're probably fine, since only that qube is affected. That's the reason behind putting most hardware into its own qubes.
@@SibaNL is that raspberry pi? I'm a noob when it comes to hardware and security I can't tell if you're trolling as I'm sure they're for android devices?
This is great!
Oh shit my boy finally does a review of QuebesOS
Hey I just installed Qubes. Do you know how I could add storage space to the vault Qube after installing another SSD? I tried reading the wiki on secondary storage but I am new to this type of stuff so the commands I don't understand. Thanks.
so even if you're running a windows10/11 qube it still doesn't play nice with the graphics? or is it just on the other parts and the windows part is ok?
Oh I asked under dozen of your videos to make one about this one. And finally you decided on ur own to do that (I bet 100$ that my comments weren't seen by you, and they got nearly no reactions)
What about files? Are they stored "in" a specific VM, or stored in a common file system but locked to a specific VM, or what? How does disposing of a VM and spinning up a fresh one preserve your data, while having your data protected against compromised VMs?
Installation instructions unclear, Qubes obstructing large intestine
Wow beautiful
im not an hecker, but what system do you use daily? (idk if you already responded to this question, im new)
How much percent slower xen than kvm? I haven't found any tests that have been done recently...
Really nice👍
Definitely keeping this one in mind for when I'm on the run from the feds.
Another security feature with Qubes OS: If someone got their hands on your actual machine, they probably wouldn't know how to use Qubes OS to get sensitive info lmao. But fr this is an awesome OS and I think it's very well made
Did you actually daily drive this? A few years ago, I tried this, and I daily drive Fedora, I used to use Mint and TAILS, (Just saying that I'm not a newb) I found the U.I. very confusing and not intuitive. Also I was having difficulty getting the shared clipboard working. Qubes is a very good idea, but for the every day user? Maybe I'll try it again.
Mental outlaw using broll! Never saw it coming
Hey just wondering how you installed the apo in the vault if it has no connection to the internet?
Good video.
Can you review the GNOPPIX Linux? They said that it is Kali base with decent hacking tools.
i have a question. how have the people trying to get to snowden not succeeded when the os source code is free to look at?
So video drivers are installed in dom, but the actual cards are in a video vm and the apps from their own vms send their guis to the video vm? (like X forwarding or something?) Display aside, how would say, an OpenCL program in its own vm access the gpu? Quite a lot to take in, I should probably start reading about this but not quite sure I want to commit to the rabbit hole... But in the same time, even though its not really for gaming, if this effectively achieves passthrough, might be nice to contain vr games and office in win7 qubes to get to them more seamlessly when occasionally wanted and not give them access to any drives or whatever that they just don't need to know about. Additionally having AUR stuff in its own qube might also be nice (though unfortunately no arch vms), since I'm one of those who doesn't always look at what their installing in as much depth as I probably should.
I'm gonna' stick with Fedora as my workhorse due to Nvidia drivers and the fact that my blue-collar job doesn't require me to use my computer in a professional sense barring the occasional email, but I'll definitely have to try this out on a secondary rig at some point.
Can I try this out in a virtualized environment? Or maybe run Qubes from a live usb?
thanks man
I see this as the most privacy based OS but it's impossible to game on it. Having a separate computer that has it installed is viable but the computer/laptop needs to have minimum 16 Gigs of RAM to be able to handle all the different visualization
Qube my OS baby
dom0 is kind of like the adam process in TempelOS 😆
Every empire needs a creator
But is dom0 related to mal0?
How did you manage to install KeyPassXC if that VM does not have access to the network?
Based af
18:53 But what does creating a new qube even achieve if the hypothetical feds were to figure out how to compromise the previous one? Wouldn't they just run the same attack they did previously and immediately compromise the new one? What security benefits does this actually have?
I tried this out of curiosity, but I found out it's not meant to run in server mode, and will end up freezing after longer uptimes. Only for desktop that you shut down every day basically