Qubes OS - First Impressions

  • Published on 23 Nov 2024

Comments • 824

  • @MentalOutlaw
    @MentalOutlaw 1 year ago +18

    My merch is available on based.win. Save 10% at checkout when you pay in Monero (XMR)

    • @theoneaboveall6768
      @theoneaboveall6768 1 year ago

      question? can i use qube as a live os like tails ? meaning booting it on whatever wherever pc/laptop whenever i need to go online ? and will it wipe out everything each boot never store nothing like tails ? thank you

    • @xxXKogasaWe3dL0rd420Xxx
      @xxXKogasaWe3dL0rd420Xxx 1 year ago

      @@theoneaboveall6768 yes you can use it like tails

    • @gnulectures
      @gnulectures 1 year ago

      ​@@theoneaboveall6768 As a live OS? No. Theoretically, you could install QubesOS on a USB Flash Drive, but then it won't be a form of persistent media, so it won't forget everything on reboot like it would with Tails (and the performance would really suck).

    • @anthonypimentel7218
      @anthonypimentel7218 several months ago

      11😊1​@@theoneaboveall6768

  • @strangemosaic2985
    @strangemosaic2985 1 year ago +2339

    Finally! An alphabetical upgrade from PubesOS!

    • @rustymustard7798
      @rustymustard7798 1 year ago

      The next one will be Rubes, totally unsecured and designed to leak data of any suckers who fall for it. Oldest trick in the book.

    • @Rolatnor
      @Rolatnor 1 year ago +55

      Ugh

    • @cyruskeane
      @cyruskeane 1 year ago +298

      How did you even come up with that joke.

    • @pawouapproval984
      @pawouapproval984 1 year ago +54

      legendary

    • @strangemosaic2985
      @strangemosaic2985 1 year ago +14

      @@rustymustard7798 Now that's great! I can hardly wait! 🍟👍🏿

  • @alaunaenpunto3690
    @alaunaenpunto3690 1 year ago +587

    I use Qubes as my daily driver for personal use. It can be a struggle sometimes and I've had to modify my expectations more than once. While I've pondered switching to a standard linux distro, I value what qubes does too much to ever go back. No one does privacy and security as well as Qubes.

    • @duckmeat4674
      @duckmeat4674 1 year ago +23

      What does it have to make it private that other distros don't? I get security but I thought tails (or heads) is far better for privacy. Also can you rice the dom0? The defaults are just horrid looking

    • @CrittingOut
      @CrittingOut 1 year ago +36

      @@duckmeat4674 whonix is safer and built in

    • @alaunaenpunto3690
      @alaunaenpunto3690 1 year ago +33

      @@duckmeat4674 whonix qubes built-in for anon browsing and you can have qubes not connected to your network for sensitive tasks.
      You can technically rice dom0, but it's not easy, because it would defeat the purpose of keeping dom0 secure. It's designed to have as little software installed as possible to minimize risk. Dom0 is also based on much older versions of Debian or Fedora for stability. So the software you may want to install might not even be available in those repos. It's a trade-off. You can always change the DE. The default is Xfce, but KDE, Gnome, and i3 have also been used.

    • @duckmeat4674
      @duckmeat4674 1 year ago +6

      @@CrittingOut whonix is safer than tails??

    • @njpme
      @njpme 1 year ago +2

      @@duckmeat4674 no. Possibility for Keylogger on original OS

  • @averagegeek3957
    @averagegeek3957 1 year ago +168

    Cool that you covered Qubes OS.
    I personally know one of the devs (we worked for the same company and saw each other everyday). Had only heard of Qubes in passing before meeting them. They wore a Qubes OS shirt occasionally. One of the most competent programmers I've ever met, and the most competent one at that company, actually cared about good code quality and security.

  • @mukyumukyun
    @mukyumukyun 1 year ago +142

    the most secure os is actually temple os, can't connect to the internet, even usb connecting is more difficult to the average person, that is why it's the most secure one, this is why qubes os only pitching "a reasonably secure operating system" not "the most secure operating system"

    • @bogartwilley
      @bogartwilley 1 year ago +19

      Qubes might be great... But it ain't quite as Godly as TempleOS :D lol

    • @patrikjankovics2113
      @patrikjankovics2113 1 year ago +10

      So you might ask the question.. What color is your temple?

    • @zweitekonto9654
      @zweitekonto9654 1 year ago +2

      what good is an os if it cant access the internet?

    • @nothing_
      @nothing_ 1 year ago +25

      @@zweitekonto9654 who needs internet when you have god's temple as your os

    • @_Pyroon_
      @_Pyroon_ 1 year ago +15

      Ofc it's best, it's protected by HolyC and comes with the faith in Jesus firewall

  • @SniperOwl
    @SniperOwl 1 year ago +597

    I tried it myself a while ago but it seemed a bit too much considering my threat model. As a gamer, virtualization really kills performance. It makes everything a lot more complicated especially networking. Overall it is a pretty solid OS. I went back to arch for simplicity.

    • @khalvarius
      @khalvarius 1 year ago +208

      Btw, do you use arch?

    • @SniperOwl
      @SniperOwl 1 year ago +310

      @@khalvarius I actually do. How did you find out?

    • @goodnight517
      @goodnight517 1 year ago +91

      @@SniperOwl 💀

    • @phoneticalballsack
      @phoneticalballsack 1 year ago +1

      YOU SHOULD BE ASHAMED OF YOURSELF!!!! YOU ARE NOT AN ADVOCATE FOR FREEDOM AND OPENNESS LIKE ME!!!!!!!!! I WILL NEVER STOP FIGHTING AGAINST THE OPPRESSIVE GOVERNMENTS WHO WANT TO CONTROL US ALL WITH THEIR BULLSHITS LAWS AND RULES THAT ARE DESIGNED TO KEEP PEOPLE IN LINE SO THEY CAN MAKE MORE MONEY OFF OF THEM. I AM HERE TO HELP OTHERS TO UNDERSTAND HOW IMPORTANT IT IS TO BE FREE FROM THOSE BASTARDS.... WE MUST STAND UP TOGETHER AS ONE OR WE WILL FALL TO THE POWERFUL CORPORATIONS THAT WANT OUR LIVES. WE ARE BETTER THEN THEM BECAUSE WE HAVE HEARTS OF GOLD AND THEY HAVE COLD DEAD BODIES WITHOUT SOULS OR FEELINGS FOR THE HUMANITY THAT IS BEING TORN INTO SHREDS IN THE NAME OF A FEW DOLLARS INSTEAD OF OUR RIGHTS AS A LIVING CREATURE ON EARTH.. IF THIS COUNTRY WASNT SUCH A SHITHOLE IT WOULDN'T MATTER WHAT KIND OF COMPUTER YOU HAVE BUT SINCE THIS IS AMERICA WHERE EVERYONE IS RACIST AND A BIGOT THERE IS NO WAY YOU CAN SURVIVE IN THIS SOCIETY UNLESS YOUR WHITE WHICH MAKES EVERYTHING WORSE FOR YOU WHENEVER SOMETHING GOES WRONG IN YOUR LIFE CAUSE NO ONE CARES FOR BLACK AMERICANS ANYMORE ESPECIALLY IN THE POLICE DEPARTMENT OR THE COURT SYSTEM. IF YOU WERE SMARTER THAT YOU ACTUALLY THINK YOU ARE YOU WILL LEAVE THESE GODFORSAKEN PLACES WITH ALL THE HATERS BEFORE SOMEONE ELSE DOES THE SAME TO YOU WHILE YOU'RE OUT THERE TRYING TO FIND SOMEWHERE SAFE FOR YOUR FAMILY TO CALL HOME AGAIN AFTER HAVING BEEN DISPLACED BY HURRICANE KATRINA AND OTHER NATURAL DISASTERS THE USA HAS HAD OVER THE YEARS. GO BACK TO AFRICA WITH THE REST OF YOUR BROTHERS AND SISTERS AND STAY OUT OF MY BUSINESS UNTILL I HAVE MADE ENOUGH CASH TO GET BACK INTO THE STATES FOR A VISIT TO SEE MY FRIENDS AT GOOGLE HQ IN CALIFORNIA.

    • @SeanSMST
      @SeanSMST 1 year ago +46

      Yeah not the os for gaming or media for the most part. More of an os to maintain high level of security, micromanage each section of your pc usage as well as work with digital forensics type stuff.

  • @stefun666
    @stefun666 1 year ago +104

    thanks kenny for the constant quality in your content.

    • @kvykimo
      @kvykimo 1 year ago +6

      you mean luke?

    • @SmokelessMeme
      @SmokelessMeme 1 year ago

      @@kvykimo ??

    • @nubilate
      @nubilate 1 year ago +2

      @@SmokelessMeme “kenny” is a deepfake of luke smith…

    • @framepointer
      @framepointer 1 year ago +1

      @@SmokelessMeme you need to go back

  • @TheLibertyfarmer
    @TheLibertyfarmer 1 year ago +68

    I've been running Qubes OS since about 2017. Pretty much exclusively on 'GhostPads' (corebooted Thinkpads w/ the IME neutralized). Been selling them for as long. I prefer to compartmentalize tasks like gaming and media streaming to a second system to overcome Qubes limitations in those areas. I favor Dell M6700/M6800 mobile workstations running Xubuntu and the GPU either upgraded to a Tesla M6/Quadro M5000M/980m or a Quadro P3000 makes a great high value Linux Steam gaming and media streaming box. I use the qubes box for everything except gaming and media streaming. W520/W530 ThinkPads are my preferred platform for Qubes since they are generally the most powerful systems that can be corebooted and IME neutralized and they max out at 32gb of ram.

    • @Strkostas
      @Strkostas 1 year ago +5

      Hey, this is the first I hear about ghostpads. Is there a video of how it works or the process to get the IME neutralized? Thanks!

    • @techhoppy
      @techhoppy 1 year ago +2

      Where do you sell them?

    • @highimwolf
      @highimwolf 2 months ago

      Thinkpads lol? The same company that intentionally hacked every system they sold to end users and they got caught? Yeah trust them lol

    • @TheLibertyfarmer
      @TheLibertyfarmer 2 months ago +3

      @@highimwolf LOL we got Dunning Kruger chiming in... the thinkpads I modify are some of the only systems that can accept the full open source firmware replacement (Coreboot) as well as have the Intel management engine (IME) neutralized by in-circuit programming the flash chip with an external device. (you know what that is, right?) After modification there is nothing 'Lenovo' left in the firmware to compromise anything. Then I install Qubes OS, which is the most state of the art for security and privacy. They are more security hardened than just about any off the shelf that can be bought. The firmware replacement projects focused on ThinkPads because of their build quality and mass availability.

  • @larsmurdochkalsta8808
    @larsmurdochkalsta8808 1 year ago +86

    Instead of switching devices, one of the things that seems interesting to me is with a framework expansion slot SSD.
    I understand that it's slower and it can cause bottlenecking if you're running an eGPU but It seems really compelling to me.

    • @tobiaspcactus
      @tobiaspcactus 1 year ago +10

      It'd probably be more reasonable to just use any high-speed external SSD as a boot drive rather than going out of your way to get the Framework, as it's really just a fancy enclosure.

    • @rya3190
      @rya3190 1 year ago +5

      If you use something like Core OS, or even run lighter applications, I'm sure the overhead wouldn't be too bad. For something bigger(like a game), you could probably store on the internal drive. It could also act like a fast backup, or be the in-between for downloads (acting like a decoy).

    • @larsmurdochkalsta8808
      @larsmurdochkalsta8808 1 year ago +1

      @@tobiaspcactus I don't have a laptop right now, and Framework is the one I'm looking at.
      I just mention framework cuz that's kind of where I got the idea because it feels like such a seamless integration.

    • @gaafts
      @gaafts 1 year ago +2

      I have a framework device and did this. I ran Windows off of an expansion slot SSD so that I could use Ableton Live (Music performance software). Nothing else was on the SSD and the computer never connected to the internet. It worked without any noticeable lag and I used it for a live performance. However, it was super unstable, and would blue screen often. It could be because of my setup for Windows (because I removed a huge amount of bloatware, down to the Windows store and calculator app, which may have introduced instability). I believe consistent performance is possible.
      Keep in mind the framework ‘storage expansion card’ is just a quick flashdrive. Any laptop with a thunderbolt port and a quick flashdrive could provide similar results. In fact I originally ran Windows off the laptop using a SAMSUNG T7 SSD, but swapped to the framework expansion card because the fancy enclosure makes a huge difference when trying to use a laptop like a laptop.

    • @makuru.42
      @makuru.42 1 year ago +1

      @@larsmurdochkalsta8808 i would advise you to wait if you can for getting a framework, i want to get one too but wait until the chrome os model is really out and see if it can boot other OS's because the chrome os version will have an open sauce bootloader, giving you more control and maybe wait for a 13th gen Intel processor because it probably will have thunderbolt 5 giving you 80 Gb/s instead of "only" 40, useful if you want to use an eGPU,
      and if you want one right now, buy the DIY edition, hardly anything needs to be done and you save tons of cash for ram and SSD, that cost way too much on their website. I could build for you too, I guess, and that easily for 100 bucks less than they charge.

  • @Zappero
    @Zappero 1 year ago +131

    Hey man, just wanna thank you for showing me and everyone else how to be more privacy-aware and how awesome Linux can be! I use Windows since 3.1 and only now I've finally installed a Linux distro on my SSD. Also switched from Chrome to Firefox with many privacy addons. On Android switched a bunch of apps to FOSS and even installed and configured the TrackerControl app. It's been tough but so worth it!
    I would love if you talked more about Android. What apps you think are good to have there and such. Wish a happy New Year and success!

    • @SlenderHime
      @SlenderHime 1 year ago +1

      What is your list of Firefox privacy addons? I wanted to migrate from chrome to firefox

    • @HairEEck
      @HairEEck 1 year ago +4

      @@SlenderHime I highly recommend librewolf. Pretty easy to set up, all the necessary privacy addons and modifications are there, it's updated frequently and it helps that more people use it to have more and more people have the same "profile".
      It breaks some websites though, I don't think you can watch netflix with it but I haven't checked in a while. I use it everyday and I had no problem. Also the tor browser, while being slower is also great to use, the more legitimate traffic on tor the better

    • @Zappero
      @Zappero 1 year ago +3

      @@SlenderHime Sorry for the late reply. I use: uBlock Origin (disabled for youtube, I watch at least one 30 sec ad for the youtuber's sake), ClearURLs, Decentraleyes, Disconnect, Cookie AutoDelete, Facebook Container and Privacy Badger. They can all be downloaded straight from the addons page.
      You could go guerrilla style and use Librewolf, as mentioned before, or any other privacy enhanced Firefox forks but personally, I wouldn't recommend it. Disabling javascript breaks too many websites I visit.

    • @varion_
      @varion_ 1 year ago

      Fyi, Decentraleyes doesn't do much these days and LocalCDN is a better alternative. Firefox also has built-in cookie autodelete in the settings menu. Plus, having a lot of extensions actually makes you more identifiable for advertisers 😉

  • @-someone-.
    @-someone-. 1 year ago +86

    11:27 “unless it’s able to jump the hypervisor, which if it’s able to jump the hypervisor then everything’s screwed”
    🤣👍
    VMWare has been under attack quite a lot, (ESXi)
    I’m fairly certain we would have seen demos of qubes being exploited at black hat conferences etc...if it was vulnerable.
    Usually with such a secure OS, it’ll be the “user” who makes that mistake which compromises it.
    Note, you do need a fairly modern and powerful laptop, or pc to run Qubes.

    • @plasticstuff69
      @plasticstuff69 1 year ago +6

      Nope. Modern hardware tends to not play well with Qubes.

    • @-someone-.
      @-someone-. 1 year ago +8

      @@plasticstuff69 nor does an i5 650 cpu. Released around 2010, it is so slow with Qubes.
      I have run it on systems from 2015 and 2018 and it’s very useable. Both used AMD GPU’s

    • @rkjj.
      @rkjj. 1 year ago +1

      @@-someone-. What if feds have hardware bypasses

    • @-someone-.
      @-someone-. 1 year ago +23

      @@rkjj. well, intel has had a hardware backdoor since 2015, and also another pre 2002 CPU’s
      It’s like a cpu inside a cpu, ( backdoor in the cpu which allows another instance, totally separate from the main cpu, and also has its own dedicated network!?!)
      AFAIK this was mandated on all x86 chips made in the US after 2015. AMD just recently started using a similar system. This is probably a big reason why the chinese have gone so quickly to domestic semiconductor manufacturing and design.
      How would we stop thought crime if the NSA had to go get a warrant every time they wanted to search your computer?
      Edit: Also a huge reason why Apple is now building its own servers from the ground up, and why apple refuses to merge OS X and iOS. How can you have OS security when your CPU, memory and nic are all under control of whomever has the password to the ME?
      Anyway, nothing is truly secure, ...let’s all go back to carrier pigeon🤣👍

    • @chrimony
      @chrimony 1 year ago +3

      Xen has had and continues to have security vulnerabilities.

  • @TheFrantic5
    @TheFrantic5 1 year ago +18

    I've been trying half-heartedly to figure out a way to try this out, but I'm too lazy to dual boot and running Qubes via USB disables several important security features.
    Thank you for the fantastic explanation of its concepts.

    • @NoNameAtAll2
      @NoNameAtAll2 1 year ago +2

      what kind of features?

    • @TheFrantic5
      @TheFrantic5 1 year ago +2

      @@NoNameAtAll2 I'm not sure if this is still the case, but having either USB inputs or running the system on a USB drive prevents the complete isolation of the USB stack from dom0.
      The installation brought it up as a huge security issue while running, but please keep in mind this was years ago and may not be the case anymore.

  • @matthewbond375
    @matthewbond375 1 year ago +24

    This is a great OS concept. I've been using encrypted VirtualBox VM's to simulate this kind of environmental segregation for a long time, but to have this built into the base OS is awesome! I'll be trying out Qubes for sure, thank you!

  • @JohnSmith-ni4cs
    @JohnSmith-ni4cs 1 year ago +7

    Qubes is awesome. Two (small) notes:
    - Qubes uses linux but since it runs Xen underneath it all and you can replace everything else with other OSes it doesn't count as a linux distro. For example people have replaced the firewall with Mirage and you can run Windows as a qube.
    - Fedora packages are more up to date compared to debian. So for the AppVMs that security is a priority, use fedora.

  • @tordjarv3802
    @tordjarv3802 1 year ago +36

    Now this is actually something I think can be worth trying out. While I don't think that it would be a good use on my main workstation (since I need more speed) I think that it would be perfect for a small traveling laptop that I actually would use on strange and evil networks.

    • @SeanSMST
      @SeanSMST 1 year ago +8

      For sure, but make sure it's a decently powerful laptop (1.5k+ price approx) as running these vms is fine on a desktop but can be trickier on laptops due to throttling.

    • @tordjarv3802
      @tordjarv3802 1 year ago +1

      @@SeanSMST most newer laptops today would probably be fine. With small I mean physically small, like 13", not low performance.

  • @RealCyberCrime
    @RealCyberCrime 1 year ago +44

    Everyone on the FBI watchlist switching to Qubes after the Snowden endorsement

    • @thedoubleop
      @thedoubleop 1 year ago +13

      You mean everyone watching these Mental Outlaw videos?

    • @j.k.4479
      @j.k.4479 1 year ago +3

      The FBI need better hobbies.

    • @izvvc
      @izvvc 1 year ago

      @@j.k.4479 the alphabet boys**

    • @Tommy-qu7tk
      @Tommy-qu7tk 10 months ago

      Lol they're not smart enough to use Qubes

  • @jovanzdravkovic5851
    @jovanzdravkovic5851 1 year ago +10

    This video gave me cozy 90s computer hacking vibes, thank you it made my night

  • @fiecylick3981
    @fiecylick3981 1 year ago +5

    I'm generally glad you are covering this OS. There is not much talk about this operating system out there. Needs be a lot of tutorials and understanding styles of how to actually understand this system.

    • @fiecylick3981
      @fiecylick3981 1 year ago +1

      @Anon Ymous I understand that point of view but for my case I like to make disposable systems and create new ones and have everything separated and not on one system for privacy constraints.
      I usually use Arch Linux as my daily use since I like emulation stuff and want to have a gaming experience when I can.
      But for QubesOS it's very hardware demanding and it's best to have a minimum of 32GB of ram and 2TB of storage as a start. Especially when it comes to the virtualization side of things, you would need proper things like IOMMU or whatever that is required for such things like QEMU/KVM.

  • @Mantikal
    @Mantikal 1 year ago +3

    Thanks for all the info, tips & review - great stuff.
    But, can we give some credit to - "Joanna Rutkowska" - the Polish computer security researcher (THE CREATOR/FOUNDER OF QUBES)
    - without which this video would never have been possible.

  • @MechMK1
    @MechMK1 1 year ago +16

    Different devices for different concerns is definitely the way to go, at least separating work and personal life. I have one phone for work, one phone for myself, one computer for work, one for myself. The biggest "crossover" between these two is when I use my work phone to call my private phone, because I can't find it.

    • @anywhereroam9698
      @anywhereroam9698 1 year ago +1

      QubesOS is this but using virtualisation rather than hardware. Which has the advantages. It’s all a trade off.

    • @Lrripper
      @Lrripper 1 year ago

      Is cube os good for tor usage ?

  • @redfruit1993z
    @redfruit1993z 1 year ago +9

    Really the best OS that came in existence. That is crucial for freedom. Tor too.
    You should not try to install proprietary drivers. They're unsafe and can jeopardize your OPSEC.
    Sorry, but QubesOS is not a gaming platform.

  • @bigboydrz
    @bigboydrz 1 year ago +2

    I like how you go into the specifics of internal security of an OS and I learned something here... Seems like a Windows computer is like an open highway where anything can talk to anything in and out without an endpoint protection program, which is essentially just a band aid of what a hypervisor or xen approach kind of takes, it's more inclusive and takes it from the top. Definitely seems more secure

  • @gcolombelli
    @gcolombelli 1 year ago +19

    Genode / Sculpt OS is another system that seems to support VM based isolation. But it's very much a proof of concept thing and not very polished yet. Some people can run Qubes as their daily driver without many issues, but Genode / Sculpt is still a very long way from being end-user friendly. Still a nice concept though and I wish it develops into a usable desktop OS. It's a lot lighter-weight than Qubes.

  • @Ricocossa1
    @Ricocossa1 1 year ago +24

    Just a quick note at 6:00. Depending on your threat model you might want to know that disposable VMs in Qubes are not fully amnesic, in the sense that unlike say Tails, there is no guarantee that they will not touch your physical drive. If you want to protect your data locally with Qubes, FDE is the way to go.

    • @DoomCatcher
      @DoomCatcher 1 year ago

      What is fde?

    • @mikeyfreeman6803
      @mikeyfreeman6803 1 year ago +14

      @@DoomCatcher Full disk encryption

    • @mksybr
      @mksybr 1 year ago

      > If you want to protect your data locally with Qubes, FDE is the way to go.
      A few scatter shot thoughts: I think the amnesia of TAILS OS should be named to reflect that it doesn't touch the drive at all -- amnesia seems more like writing and discarding. I haven't used Qubes in a few years, but IIRC then you have a permission system for file systems, so you explicitly allow access before anyway. If you use a disposable VM for some task, when you destroy and recreate it you should not have any impure files in the file system of that machine. I'm not sure I understand how full disk encryption will apply to the security model of Qubes here, as the individual VMs cannot access each others memory / processes / filesystem, without explicit access or some unknown 0day hack (which may very well have been the point of your comment, and if so excuse me)

    • @Ricocossa1
      @Ricocossa1 1 year ago +1

      @A Z That's interesting. Yeah I think Qubes disposable VMs are perfect to protect against malware and that kind of thing. I think the amnesic property of Tails is useful for those who need to defend against say a forensic analysis of a computer's drive. Tails writes everything to RAM exclusively, so when you switch off the computer your data is gone and cannot be recovered by a forensic analysis. Qubes cannot guarantee the same thing. I said FDE is the way to go in that scenario, although there's always the rubber hose method to get your passwords.

    • @Ricocossa1
      @Ricocossa1 1 year ago

      @Anon Ymous Dude, chill out. Take a deep breath, have a cup of coffee. Nobody was being aggressive here.

  • @DanielSMatthews
    @DanielSMatthews 1 year ago +42

    How important is your choice of hardware to ensure that Qubes OS is as secure as possible, if you take into consideration the risks associated with binary blobs in drivers and firmware?

    • @SomeOne-mo7uw
      @SomeOne-mo7uw 1 year ago +5

      yup - just OPintell and you'll find that since 2007 intel have had them on MB's (Intel ME Engine - reports home even when PC is off) and since 2012 on AMD CPUs (MSM - same thing) - different time status due to locale of fabs

    • @DoomCatcher
      @DoomCatcher 1 year ago

      @@SomeOne-mo7uw what should someone use instead?

    • @SibaNL
      @SibaNL 1 year ago

      @@DoomCatcher rpi

    • @georgiishmakov9588
      @georgiishmakov9588 1 year ago +3

      most hardware is run either from its own qubes, or from dom0 - if a vulnerability in hardware can be exploited from within a VM and compromise dom0 (which would be a trick and a half), you're pretty fucked, but if it's from its own qube, you're probably fine, since only that qube is affected. That's the reason behind putting most hardware into its own qubes.

    • @DoomCatcher
      @DoomCatcher 1 year ago

      @@SibaNL is that raspberry pi? I'm a noob when it comes to hardware and security I can't tell if you're trolling as I'm sure they're for android devices?

  • @markjenkins9424
    @markjenkins9424 1 year ago +10

    Great video once again. Been using Qubes OS for some years now and gets better with each update. If anyone is looking into a good portable system to run Qubes on, I would highly recommend the Lenovo X230. This laptop ticks many boxes on compatibility for the OS and is just a cool laptop anyway. Make sure the processor has virtualization, and at least 16gb of RAM. I would also recommend you use full disk encryption and HEADS for verifying boot. If you want to be a complete maverick I would go ahead and nute intel ME as well, we do not like the management engine here.

    • @highimwolf
      @highimwolf 2 months ago

      Lenovo is the worst company to trust, they intentionally put spyware in their own laptops, look it up

  • @freedom_aint_free
    @freedom_aint_free 1 year ago +48

    Those kinds of solutions never caught up because for the user experience to be sweet and fluid your machine needs to be really a beast, I think that is totally worth it, but not everybody can afford a high end laptop, unfortunately.
    PS: Shit! It took only 5 replies for the post to fall prey to the Godwin's law!

    • @phoneticalballsack
      @phoneticalballsack 1 year ago +5

      What should the age of consent be

    • @Anomajulia
      @Anomajulia 1 year ago

      @@phoneticalballsack Dude fuck the ancaps lmao, you can't defend the private property without a monopolized police, these guys aren't anarchists

    • @SeanSMST
      @SeanSMST 1 year ago +5

      It's intended for a very niche group of people, people that can invest in a pretty powerful laptop to protect their livelihoods and wellbeing like journalists, whistleblowers etc. Qubes is by no means intended for just anyone to use, since that defeats the purpose. If you feel your life is in danger, your only option is qubes os. Otherwise, there's plenty of alternatives like whonix

    • @theotherohlourdespadua1131
      @theotherohlourdespadua1131 1 year ago +2

      @@SeanSMST Isn't the purpose of alternative OS is that people SHOULD BE worried about being in danger?

    • @crack6241
      @crack6241 1 year ago

      @@phoneticalballsack You are one of those who also think that all collectivists are zoophilic, isn't it?

  • @nah5476
    @nah5476 1 year ago

    I've been using QubesOS since 2015, it has been a great journey with it until today.

  • @truebadstory
    @truebadstory 1 year ago +5

    Xen could provide a seamless boot from guest vm and a really robust hardware path through than KVM does
    I was using NUCs as all-in-one office solution with different guest OSes (VoIP, LTSP in nbd-mode and pfSense) and I was impressed by reliability of Xen
    Now I'm just a proxmox peasant

  • @commandcracker42
    @commandcracker42 1 year ago +3

    This is the best video explaining CubeOS I have seen so far

  • @Foiliagegaming
    @Foiliagegaming 1 year ago +3

    I have been thinking about making the switch. I have been wanting to minimize my digital life being able to manage what devices are connecting to personal/work/school etc and I have been considering the same for my family who are concerned for their personal security. I know I have a lot more to do just on my home network but it is so important. Once I try it out for myself and see what it can do I am probably going to switch all my machines to whonix if it can do pass through for GPUs, network devices, and what not.

  • @lerneninverschiedenenforme7513
    @lerneninverschiedenenforme7513 10 months ago

    thank you for the video! Very helpful!
    QubesOS looks like it's solving the problem of 'everything is shared on a computer' with a brute force method. 'Capability systems' (ocap) seems to have the cleaner approach.

  • @opDavi1
    @opDavi1 1 year ago +5

    Another security feature with Qubes OS: If someone got their hands on your actual machine, they probably wouldn't know how to use Qubes OS to get sensitive info lmao. But fr this is an awesome OS and I think it's very well made

  • @WillMoon
    @WillMoon 1 year ago +10

    Interesting. It’s a Meta-OS. I kinda figured this would be the eventual end state of computing

    • @SaintJames14
      @SaintJames14 6 days ago

      End state? This is just the beginning lol

  • @kevalan1042
    @kevalan1042 1 year ago +3

    I tried this out of curiosity, but I found out it's not meant to run in server mode, and will end up freezing after longer uptimes. Only for desktop that you shut down every day basically

  • @lestercaminero2076
    @lestercaminero2076 1 year ago +2

    I've been waiting for years for you to talk about Qubes OS, my friend!

  • @depchimp
    @depchimp 1 year ago +2

    I got my hands on a couple of old servers recently for cheap, and been playing with Proxmox, I've used QubesOS in the past but this was giving me ideas on how to set up a few VM's and containers, thanks ^.^

  • @hhbadarin
    @hhbadarin 10 months ago

    This is the best Qubes OS tutorial ever! Thank You!

  • @corrupteddrive
    @corrupteddrive 1 year ago

    Absolutely love your content and I really appreciate what you do thx for the content!

  • @echo5394
    @echo5394 1 year ago +3

    I'm yet to find a way to emulate Qubes' virtual networking capabilities as well in VirtualBox and the like. It's so cool having separate VPN qubes with minimal overhead.

  • @Se7enSoups
    @Se7enSoups 1 year ago +3

    Question ❓ if the vault vm isn't connected to any network, how were you able to install KeePassXC??

  • @GhostSamaritan
    @GhostSamaritan 1 year ago +3

    Been using it the last few months as a daily driver, but I ran into issues once I tried to make a qube for music production and ended up breaking so much stuff, so I'll probably have to reinstall the whole thing. Wouldn't recommend for music production or gaming. Beyond that, it's good.

    • @mksybr
      @mksybr 1 year ago

      Agreed, though I think it's mostly or entirely due to having not a strong enough machine to virtualize Windows inside Qubes to run my proprietary music applications (I don't game)

    • @GhostSamaritan
      @GhostSamaritan 1 year ago +1

      @@mksybr Well I went the route of installing kxstudio on Debian but I got no sound with Cadence or whatever it's called, so I made a specific audio qube to try to get it to work but ended up breaking my templates in the process.
      A Windows qube sounds way smarter, but I wonder how little latency you could get (even on good hardware). Did you try installing something like Windows LTSC or Enterprise? Maybe it would run better that way?

    • @mksybr
      @mksybr 1 year ago

      @@GhostSamaritan I can't remember many specifics now, but I doubt it was anything other than a Pro version of Windows + Ableton live or FL Studio.

  • @Jennn
    @Jennn 1 year ago

    Thank You for Teaching us the Details of these OS's you share!

  • @vicstoron
    @vicstoron 1 year ago +2

    FINALLY A QUBESOS VID!!
    still waiting for the DivestOS vid tho.

  • @drgr33nUK
    @drgr33nUK 1 year ago +1

    I tried Qubes OS years ago but it was so clunky and difficult to get anything done, I just dropped it for a more traditional setup that has been hardened. If I ever want to do something super secure, I just use libvirt to set up a machine and configure the appropriate measures in place ad-hoc.

  • @NickVoid
    @NickVoid 1 year ago +1

    You can check Subgraph OS as one more solution for same threat model of isolation, but using containers, not full hardware virtualization.

  • @sliceoflife5812
    @sliceoflife5812 1 year ago +2

    OMG I never thought the day would come 😁

  • @zil6470
    @zil6470 1 year ago +2

    Thank you for your work and this video!
    It would be nice, if you have the time and patience, to do a tutorial series about QubesOs, from Zero to Hero !
    Thank you and keep up the good work!

  • @joedingy9854
    @joedingy9854 1 year ago +4

    I see this as the most privacy based OS but it's impossible to game on it. Having a separate computer that has it installed is viable but the computer/laptop needs to have minimum 16 Gigs of RAM to be able to handle all the different visualization

  • @Darudas0420
    @Darudas0420 1 year ago +2

    much love for that, make more videos about that OS

  • @artvandelay6457
    @artvandelay6457 1 year ago

    Great info, will have to try it out. Love the segmentation. Thank you sir and MerryChristmas && Happy -NewYear

  • @yeayea8334
    @yeayea8334 1 year ago +1

    0:38 Edward Snowden
    1:21 if you’re only using user accounts for separation
    5:06 colors
    8:44 Netvm
    19:32 downside

  • @Neuer_Alias_erstellen
    @Neuer_Alias_erstellen 1 year ago +12

    dom0 is kind of like the adam process in TempleOS 😆

    • @sliceoflife5812
      @sliceoflife5812 1 year ago +1

      Every empire needs a creator

    • @TheFrantic5
      @TheFrantic5 1 year ago

      But is dom0 related to mal0?

  • @cheebadigga4092
    @cheebadigga4092 1 year ago +1

    Thanks for the video! I wonder if the same thing done using containers instead of VMs would provide essentially the same security.

  • @supercellodude
    @supercellodude 1 year ago +11

    This might sound like a strange suggestion: Oasis Linux seeks to make a non-GNU distribution with all statically linked executables and a relatively new build system that uses lua scripts to generate ninja-compatible build instructions. What's your opinion of dynamic linking and how pervasive it is among Unixes? (not to mention DLL hell on Windows at times)

    • @anywhereroam9698
      @anywhereroam9698 1 year ago

      Anything built with glibc will be dynamically linked. Even when compiled as static. It’s a glibc thing. Glibc is probably the most popular libc in use in Linux distros. So I’d say dynamically linking is pervasive.

  • @hat8694
    @hat8694 1 year ago +11

    Poggers new video

  • @dougtilaran3496
    @dougtilaran3496 1 year ago

    Been using Solus for several months now (laptop). Real decent. It's a rock, like Debian.

  • @kpcraftster6580
    @kpcraftster6580 1 year ago +1

    How does the Xen hypervisor perform under heavy GPU workloads like playing mid- to high-end games and running hydrodynamic simulations? How does it compare to KVM?

  • @Kodeb8
    @Kodeb8 1 year ago +1

    Definitely keeping this one in mind for when I'm on the run from the feds.

  • @weeb3277
    @weeb3277 9 months ago +1

    what if you create different accounts on different partitions?

  • @dafoex
    @dafoex 1 year ago +2

    I'm sure it's been done with KVM, maybe not Qubes and Xen given their security measures. If you really needed an Nvidia card for something, would it be possible to have an AMD card for the main system and just pass the Nvidia card to whatever VM needs it?

  • @truckslove
    @truckslove 1 year ago +5

    Compare ChromeOS's Linux containers to QubesOS's Qubes! I'd especially like to compare the state of GPU acceleration in Qubes versus the ChromeOS Linux containers (in the ChromeOS beta channel)

    • @tacticalcenter8658
      @tacticalcenter8658 1 year ago

      Avoid chrome. the whole brand is an arm of the government.

    • @freevbucks8019
      @freevbucks8019 1 year ago

      There's none to maximize security

  • @mekangtogo420
    @mekangtogo420 1 year ago +1

    I'd really like more videos on this os, cause it seems interesting

  • @toxiccan175
    @toxiccan175 1 year ago +9

    Installation instructions unclear, Qubes obstructing large intestine

  • @fuzzywuggzy506
    @fuzzywuggzy506 1 year ago +1

    I'm gonna' stick with Fedora as my workhorse due to Nvidia drivers and the fact that my blue-collar job doesn't require me to use my computer in a professional sense barring the occasional email, but I'll definitely have to try this out on a secondary rig at some point.

  • @j.b.7982
    @j.b.7982 1 year ago

    Thanks for making these informative videos.

  • @jess8766
    @jess8766 4 months ago

    It would be interesting if you covered in such videos how project exists in financial plan aka where they get money for development. This is a fundamental point when it comes to safety

  • @freevbucks8019
    @freevbucks8019 1 year ago +1

    For all of you that are asking for GPU acceleration, no, there won't be any more GPU acceleration.
    Yes, in the past there was, but it's been favoured a more secure virtualization protocol at the cost of virtualization altogether.

    • @daleowens7695
      @daleowens7695 9 months ago

      Was thinking about that.... I might try to get gpu passthrough going for fun next gaming rig I get and dual booting qubes to tinker around with.

  • @crabbington7736
    @crabbington7736 1 year ago

    Me and my homie were watching and I can't help but mention he described you as "THE IT Guy"

  • @KlitFisto
    @KlitFisto 1 year ago +1

    I believe the whonix ws dvm is the amnesiac qube and I think the anon-whonix is the template for it. Correct me if I’m wrong

  • @Hisu0
    @Hisu0 1 year ago +1

    I wonder if there are solutions that take plausible deniability to the max, rather than just competently engage in an open, fair contest of digital wits. Something that can help when they have already got you strapped to the chair in their lab and your PC is sitting nearby, something that will look convincingly normal to them without giving out any hints of subterfuge unless they know exactly what they're looking for.

  • @nalinredteeth100
    @nalinredteeth100 1 year ago

    Not seen your video but I love Qubes and I plan to move my personal laptop to it, I only hope the community will grow

  • @lendersbagels01
    @lendersbagels01 1 year ago

    It’s all starting to click, now, man. Thank you.

  • @johanngambolputty5351
    @johanngambolputty5351 1 year ago

    So video drivers are installed in dom, but the actual cards are in a video vm and the apps from their own vms send their guis to the video vm? (like X forwarding or something?) Display aside, how would say, an OpenCL program in its own vm access the gpu? Quite a lot to take in, I should probably start reading about this but not quite sure I want to commit to the rabbit hole... But at the same time, even though it's not really for gaming, if this effectively achieves passthrough, might be nice to contain vr games and office in win7 qubes to get to them more seamlessly when occasionally wanted and not give them access to any drives or whatever that they just don't need to know about. Additionally having AUR stuff in its own qube might also be nice (though unfortunately no arch vms), since I'm one of those who doesn't always look at what they're installing in as much depth as I probably should.

  • @thiagovieira8569
    @thiagovieira8569 1 year ago +2

    Mental outlaw using broll! Never saw it coming

  • @MrHack4never
    @MrHack4never 1 year ago +3

    My idea of security is more to avoid wiping my SSD by accident or malware, so this seems too overkill for me

    • @mksybr
      @mksybr 1 year ago

      This operating system is designed to mitigate the harms that malware can cause on many non Qubes based linux distros.

  • @glitchy_weasel
    @glitchy_weasel 1 year ago

    Very interesting operating system. Great video as always!

  • @Szala89r
    @Szala89r 2 months ago

    @MentalOutlaw Why you were able to install keepassxc on isolated vm used as vault? Does this store entire repository locally? How it is being updated?

  • @Froggie92
    @Froggie92 1 year ago +1

    for security, how does silverlight do?
    very similar fedora vm vibe as qubes

  • @skeevert4399
    @skeevert4399 1 year ago +1

    Great vid as always! However I didn't understand how can you "sudo apt install" something inside of a vault if it's not connected to a net-vm according to the scheme.
    And also, how is this OS updated?

  • @spaghettiking653
    @spaghettiking653 1 year ago

    18:53 But what does creating a new qube even achieve if the hypothetical feds were to figure out how to compromise the previous one? Wouldn't they just run the same attack they did previously and immediately compromise the new one? What security benefits does this actually have?

  • @tsnp423
    @tsnp423 1 year ago

    Great video, thank you for sharing this!

  • @ccp_fact_checker
    @ccp_fact_checker 1 year ago

    I use 5 different devices but only travel with 2 laptops, I will try this, I will build a laptop now - Thank you

  • @braiinworms
    @braiinworms 1 year ago +2

    i was obsessed with qubes when i was on a lot of uppers and thought the government listened to my phone calls. but then i was like this isnt even aesthetic?

  • @gadgetdoc
    @gadgetdoc 1 year ago

    The key thing I didn't realize is that you should try to virtualize Kube OS. I'm going to throw this on a spare laptop or two and see how it goes.

  • @darfjono
    @darfjono 1 year ago +1

    "good luck, i'm behind 7 proxies!" the os

  • @wappynwappyn6984
    @wappynwappyn6984 1 year ago

    Oh I asked under a dozen of your videos to make one about this one. And finally you decided on ur own to do that (I bet 100$ that my comments weren't seen by you, and they got nearly no reactions)

  • @preflex3502
    @preflex3502 1 year ago +3

    "You might even want further compartmentalization of your personal life. Maybe you have a gaming account, say Steam account or different game profiles, things like that."
    For gaming purposes, Qubes is pretty-much digital chindogu. Even with a second GPU for vt-d passthrough, it's very unpleasant. Without such luxury, it's downright painful.
    Qubes is great, as long as you don't care about GPU stuff.

  • @thebets457
    @thebets457 1 year ago +1

    Thanks for sharing, was always curious what QubesOS was but never did research it myself. I don't think I would use it since it doesn't fit my needs; it's nice to know what it is. Thanks for the well created intro to what QubesOS is and what it does. It's a very impressive system.

  • @stevengill1736
    @stevengill1736 1 year ago +1

    This is so cool... thank you kindly!

  • @insanitycubed8832
    @insanitycubed8832 1 year ago +3

    Edward Snowden could easily be made into the best psyop, because just his endorsement has me hard for qubes

  • @acalavidyaraja
    @acalavidyaraja 1 year ago

    this is interesting. haven't heard of qubes os until now. thank you for showing. will you make a video where you explain how to set up such a system?

  • @ruirosado6289
    @ruirosado6289 1 year ago

    Mental Outlaw Hi! Did you give a try to the Nouveau driver? Are there any problems recognizing newer cards? I wouldn't know because I no longer have my k2000 and I'm using an AMD card.

  • @lulapt2030
    @lulapt2030 1 year ago +17

    This glows hard

  • @truenerthus4460
    @truenerthus4460 1 year ago +5

    I actually use Qubes as my daily driver and I love it

    • @color.8467
      @color.8467 1 year ago

      do you game on it?

    • @truenerthus4460
      @truenerthus4460 1 year ago

      @@color.8467 You can but it is painful to get working. A lot of AntiCheats will false flag you or just flat out not work. But I have managed to get CSGO and DayZ working on it

    • @JamesWilson01
      @JamesWilson01 1 year ago

      Do you have an Arch VM?

    • @truenerthus4460
      @truenerthus4460 1 year ago +3

      @@JamesWilson01 No, for the most part I have fedora machines. I have 1 or 2 Debian machines. My threat model requires many separate and unique identities

    • @JamesWilson01
      @JamesWilson01 1 year ago +4

      @@truenerthus4460 I'm just messing about and it was a stupid question anyway because you would've mentioned it already if you did 💀 Enjoy Qubes OS! 😁

  • @lythd
    @lythd 2 months ago

    are you gonna make an update video to this since it's been a year? would be cool to get more recent thoughts

  • @getblowd407
    @getblowd407 1 year ago +1

    If the vault isn't connected to the network, how were you able to install KeePass through the vault terminal?

  • @average_snmp_user
    @average_snmp_user 1 year ago +1

    This OS looks perfect but i wish i could game on it. what a shame that GPU passthrough is not officially supported. It would be nice if you could do a video on GPU passthrough / gaming for this OS.

  • @TadanoHitohito
    @TadanoHitohito 1 year ago +6

    Does QubesOS have a good solution for GPU passthrough? If it does, this would be perfect

    • @ftlengineer
      @ftlengineer 1 year ago +3

      Second this. I got into Qubes because I was messing with Stable Diffusion and had a severe malware attack. I understand passing an Nvidia card through Qubes is...hard, but currently I have to keep the computer I generated art on airgapped.

    • @mateusz2099
      @mateusz2099 1 year ago +6

      @@ftlengineer what happened? How did you get attacked by malware through/using stable diffusion?

    • @barrettvelker198
      @barrettvelker198 1 year ago

      Was it something in the repo?

    • @pafnutiytheartist
      @pafnutiytheartist 1 year ago

      Not really. He talks about it towards the end of the video

    • @superfeel1275
      @superfeel1275 1 year ago

      @@ftlengineer you got pickled LOL

  • @zXHAcKeRzXz
    @zXHAcKeRzXz 1 year ago

    It's like AppArmor or SELinux, it's great if dev of softwares bother to fine tune every interactions of their productions and make it a configuration files for these protection, otherwise it's just a nightmare, you spend your life configuring what can interact with what