Thanks, Mr. Chris. I have been reading about this OS already. Never thought you would make a video about it, let alone entering the secure computing domain. The U.S: intelligence community and your own government as part of the Five Eyes alliance, are against this as they are enemies of privacy and secure civilian communications. Not only you are the best, now you are also the bravest teacher. Thank you very much.
I'm so grateful to you for introducing Qubes to the wider audience. I believe we need more privacy and security tools for wide population more than ever now. Qubes is so innovative and helpful.
The real question is why we didn't get something like this twenty years ago. Forty years ago, the answer was simple: No personal computer networking, and not nearly enough memory. Thirty years ago: still not quite enough memory and personal computer networking was mostly limited to BBSs. Twenty years ago, when the Internet was taking off and the first few generations of viruses and malware were infecting Grandmom's computer and she had no idea why it was slowing down so she just lived with it, this is exactly the sort of thing that was needed.
17 years ago there were options. I used to clone a usermodelinux image that parsed /proc/cmdline in rc.local for hostname, ipaddress etc. then theres xnest (and xephyr) for a kinda naive gui isolation. ironcally, the one app hard to isolate was the browser. vmware was pretty common, but obviously took more resources. good for that browser. before qubes, i knew others who virtualized their desktops too. we all just wrote our own way. by then i was using virtualbox with ansible and packer. some did similar with virtualbox. and of course, theres vagrant, the 2nd easiest way.
I found your channel when I was looking for things to do with my Raspberry Pi, but I like that your channel varies from week to week. Sometimes it's hardware, sometimes software. Thanks.
You pick the best topics from extremely wide ranges of technology... it seems like whenever I find some new gadget or software that is interesting you have already done a video on it
This is a great idea for an operating system. On the occasion when I have a file I'm not quite sure about, I sometimes use an old laptop as my 'virtual' machine to open it. I can see where Qubes would be very handy indeed. Thanks for another great video! On an unrelated note, yesterday my Odroid XU4 arrived. My wife was in the room when I said 'not to worry, Mr. Sicissors will get us in'. Her look was priceless!
I haven't used Qubes in years. Joanna is a brilliant developer! Thanks for bringing attention to such an undervalued privacy tool! At first, I thought you were running this on ARM SBC and was very intrigued. But you are brave for submitting a Celeron to all this workload.
I Started Watching Your Video But Got Off On The Hardware So Much, I Had To Go Watch (Like & Comment) Your Video From April Featuring The Board Itself. You Sir Will Always Rock!
Looks like a user friendly combination of Jails+Bhyve on FreeBSD.... very nice indeed! Thank you Christopher, you manage to educate & entertain in equal measure....very much appreciated...
I gave Qubes a run roughly 6 years back now and just couldn't come to grips with it at the time - thanks heaps for this great explanation Chris... might be time for another spin round the block with this 👌
@@buggerlugz6753 - I let out a good laugh at this, but it's true. We are guests of the most chill tech talk voice in the land, when many are overly brash in their delivery, and we get you sit back and relax.
As usual you give us valid and brilliant information. I just started with Qubes OS two days ago, after i found a laptop that could run it. Just took me 1½ years of waiting. And I was wondering how to install like Libress in Qubes OS. Because i could not get access to the internet. But you show us how, so now i gratefully can continue my new quest with Qubes OS. I hope you will make more stuff about Qubes OS.
Very interesting. There are a lot of features provided by the CPU vendors that are included so that wise system programmers can lock things down. This OS takes advantage of some of these arrangements. I am interested in learning more :-)
Excellent introduction to Qubes OS. Only watching it now as I am new to the channel. Clearly there is security value in separating different tasks in different virtual machines. But attack vectors will still exist. The cross-cube copy mechanism being a case in point. The Windows sandbox could be used in a somewhat "similar" way. But already people are discussing how to hack it. Cross VM hacking is not unknown.
Will I use this? Likely not but fascinating nonetheless. Perhaps more important for me is the relaxing interlude I get every Sunday morning, so valuable during these times. Thanks Chris!
You definitely need to explore this thing more by testing out a windows template and by doing some performance tests with stuff running on native operating systems vs their virtualized variants.
Speed difference is negligible - you'll obviously have multiple OSes competing for CPU and RAM if you run 2 or more at once, but unless they're doing background tasks (updates for example), it'll be no different to running the apps you have up front on one single OS.
Fascinating...I loaded to a dell E7240 ultra-book which has a 512gb msata drive and 8gb of memory and it seems to be quite happy. I did have to fiddle a bit with usb drivers but well worth the effort...connected to my wifi without fuss but much faster via Ethernet and the UI is very pleasing to navigate...Thanks 👍 !
As the computing power available to us supersedes our ability to even make effective use of it the majority of the time, an operating system like this that puts virtual machines front an center of everything becomes more than just a grand security experiment, but entire in-home mainframes could be possible that could be running any operating system ever. The ease by which a person with one, big, powerful machine that they maintain and upgrade can provide sandboxed computing environments for an entire household with just a few clicks excites me more than the security implications. Everything else is networked dumb terminals. Most people won't WANT to do that, but .. I do. Something about that idea just excites me a lot.
What an interesting and novel approach to an OS. Based up the video, its seems that the user really needs to choose a specific template to serve as the basis of all of their qubes. Otherwise, the user would need download and install apps for each of the templates, taking time and storage space. Thanks for an outstanding video both in terms of the introducing the Qubes OS to the community and the excellent productin values you bring to each of your videos. Keep up the excellent work.
Yes, you are right, basing all qubes on one template would save space and multiple software installs. But you may also want different software in different qubes.
Hi Chris. Just want to thank you for your great in depth technical videos. I used to watch Twit TVs Screensavers way back when it was very technical but they transitioned to just talking about phones and of coarse the show is now gone. Hope to keep seeing more of your great videos for a long time to come! Thanks again!
Very interesting. I have been doing something similar with both physical and virtual machines for years. Curious about high level security and also concerned about the single point of failure. Then again most people don't have a Windows domain in their house like I do.
Love your stuff and love your style. I teach IT professionals and usually find some cool nuggets in your videos. I will admit, though, that one of my pet peeves is folks pressing Apply then Okay. That's redundant. Apply saves your changes but leaves the dialog open so that you can make more changes. Okay saves your changes and closes the box. No need to do both.
I am well aware of this. But this is a video, and getting everything perfect in a single take is extremely difficult. This video was recorded over 4 days (168GB of data grabs), and most takes were done at least 10 times, with considerable reset in between. As soon as I clicked on "Apply" I went "damn" in my head, but there I'd done it. So I left in the two clicks on "Apply" and then "OK". Remember this is a video -- it is not real life! :)
Nice coincidence. I just was looking into this this week. The inventor is a very smart woman, Joanna Rutkowska, and she is definitely looking out for us. I trust her. Which is saying a lot. And the OS seems to have thought of everything, including obscure things.
Thinking about it more; I'm running win10 and Mac Mohave on an Intel i7 with the OracleVM. If I were to upgrade, would you recomend an i9 or the threadripper from AMD? I do love the virtualisation of this OS and the ability to assign things like networking to one VM and not the other. Would allow me to, finally, get control over the OS back. And still be able to fall back on my windows developer software dependancy. Highest regards, Machiel.
It is interesting to see Xen used in the workstation / client arena, I suppose it only makes sense and yes very nice wrappers around the xen tools to create dom U's via templates which is very similar to the text only templates for server grade installations. Haven put this on lower grade hardware the demo here just goes to show how robust / mature the XEN VM archetecture is and should be a testiment to it being the best solution for any VM requirement. Linux has a number of VM options those being XEN , VMWare , QEMU , VirtualBox , KVM each has its pro's and con's and use case. This was a good overview of a good use case for Xen.
Thanks for presenting this. I've heard about the OS before, but I didn't give much thought into it as I didn't know all of it's use. As usual, you have broken it down into very clear and concise concepts.
@Agnish Roy he is running dell laptop if i'm not mistaken. the one with hardware switch for webcam, microphone and connectivity (bluetooth, WiFi, etc). one thing we all know that whatever it is, he is using ethernet and his own router. even he is using Ethernet with his phone.
@@ExplainingComputers the thing that blows my mind is that I can have separate VMs for installing malwares like Zoom. I made one specifically for that and since it uses the template as the root disk, it only consumes the space that zoom consumes in disk
@@geekionizado That is indeed very clever and very useful. Anything you "need" to install that may problematic, you just chuck it into its own Qube. Very handy.
@ExplainingComputers Qubes is really great if you need maximum control over security and your applications but the hardware requirements make it more demanding. This is why I also like Fedora Silverblue. The OS itself is immutable but you can add applications in three different ways: flatpaks, containers (toolbox) and layers (rpm-ostree). Toolbox is really convenient for trying out apps and its dependencies or separating conflicting requirements. If you decide you don’t want to keep it just delete the container. Also major OS upgrades are a non-event and rollback is just as easy.
Interesting concept. Software companies like Microsoft and Apple that use proprietary OS's would be challenged to adapt to such technology. With so many flavors of OS's available, the eventual necessity of a standard OS such as Qubes may end up being promoted by hardware manufacturers!
Thank you, Chris. Great presentation! I, too, am impressed with Qubes thanks to your excellent introduction. I will download 4.0.3 and play with it myself. I have heard of it before but never really looked at it until now... and I can see it really is impressive! *Can I suggest a part II to this?* Could you demonstrate a Windows Template? I would like to see you install that template and make a Windows Qube and add some common applications like say Office or even just Word? If you choose to do so, could you also pick higher-end hardware to demo on? The Odyssey X86J4105 was good for this exercise but adding a new Windows Template I think will require say a 16 GB System with a fast M2 drive and a modern i9 Intel or 39XX AMD processor?
Chris, I agree with Greg wholeheartedly. I think a part two with Windows in the Work Cube Slot would be neat. Please consider extending your dive into Quebs to include any other interesting things you discover. What is the possibility of doing a daily driver test ? A week Qubes? Is there software that you use currently that won't work in this environment? It would be an interesting test.
Thank you for another very informative and potentially useful video and OS solution scheme. Virtual operating systems have long been touted for their benefits for security, but I've never heard an adequate explanation about how to prevent the virtual machine layer itself from being compromised. If that happens, especially without detection, the keys to the entire kingdom are lost. In fact, I'm completely sure the usual suspects are working very hard to make that happen, if they haven't already succeeded. We've added all manner of security mechanisms and protocols to the traditional layers, but what security provisions are designed and built into the virtual layer that might give us assurance? Yes, I know Qubes is an "open source" system, but I don't believe that is sufficient, anymore than it is for any other open source product.
Tips: If you use "dnf" to install program. You don't need to "turn on network" on template qubes. Also fedora 32 is released. That's mean Fedora 30 will get EOL soon. Consider switch to fedora 32 template VM You can follow TemplateVMs form QubesOS User Documentation for more information
Excellent video! The only thing I would add is you should never set a root password at install. It's more secure to only access root through 'sudo', and this is the default implementation in most popular distros such as Ubuntu.
Here’s an English lesson of how to say what I think you meant in your comment: listening to this, or: listening to you, or: listening to this video, I am learning English, as well as how to use the Qubes operating system (OS), which is perfect because I am learning both at once!
Alright... this OS is pretty slick. I thought at first the separate virtual machines were only limited to 4 at a time because of those squares at the top, I didn't expect that to represent 4 individual desktops.
Very useful and informative video. 9/10 - had Mr Scissors arrived it would have been a 10! Many thanks for producing your videos, they are always excellent. Is Ubuntu an option at install?
I like to mess with Qubes OS, I absolutely like the idea of having all separated in small virtual ‘qubes’. Brilliant. 👌🏻 Hello Chris. Excellent video. 👌🏻 I hope you are well and safe.
Hi Chris, Nice Sunday afternoon tech mood created by you on weekly basis :) Indeed those days is a good choice to protect yourself; socially, biologically and digitally as well... I am using virtual machines for quite a while but the devs of this OS is having a different yet interesting approach. For a nubie like me is similar with Docker but with a desktop environment. By the way, are you planing a video about Docker ? And also I noticed you "switched" from Mint to Ubuntu ;)
Good video. The Odyssey x86 is certainly a powerful SBC. It would be great to see a video that went more in depth to the Odyssey x86's compatibility with Qubes OS. Where subjects like Qubes Air and Qubes Odyssey and Split GPG are talked about
Glad to see qubes getting some press! 1. when installing, you dont need to make a root password. just a disk and user pass. dom0,the controlling vm, is already root. 2. when adding software to a template, dont enable networking! its off to protect the template. theres already a proxy, by default running from sys-firewall, for software installs. you can turn it off, for example, for software downloaders. 3. the fedora-30 templates are no longer supported. update to fedora-31 or fedora-32, which should be out by the time you read this. 4. you can customize and have multiple dispvm templates since qubes-4. for example, you can add noscript and a malware blocker to firefox in a dispvm template, maybe make that your default, and keep another dispvm untouched for other uses.
Thanks for this. I set up the root password because I generally would! :) On networking, I realised it was off on the template to protect it, and did turn it off again after the installs as I noted in the video. I tried to install software without turning networking on for the template and it did not work (the installer did not populate). So after many attempts (I did numerous installs and setups over three days), I tried turning on networking for template and it worked! :) Seems like I missed something. My bad.
@@ExplainingComputers That sounds like an odd bug. Do you remember, or do you have the error it gave? as long as sys-firewall and sys-net are running, they should work. I havent used the 4.0.3 installer, so maybe something there. hope its fixed now, but ill look for that one. glad you found a quick workaround. If your still using it and find any more bugs, please pester qubes-os on github.
Skimmed over Qubes' specs. I will be trying this OS just to see how well Qubes' version of TOR works. Being able to go onto the i(I)nternet without my IP exposed is a desirable feature of the OS. Chris, do you verify the downloads against the supplied signature file & PGP key file before installing the OS on your test rig? Thanks for this demo.
I did not verify -- I would for an in-use install. Note that the specs are very, very important (far more so than for most OS, which is why I covered them in some detail). Unless your PC meets the multiple hardware virtualization requirements, Qubes OS will not work. And if it does do not meet the recommended graphics requirements, you will have a lot of troubleshooting to do! :)
I’m very tempted to start using cubes. I like the concept of it, and it’s not too far from what i do now with arch. This doesn’t take care of all of ones security needs, but can really help out a lot. being careful with what cube one is using at any point is very important. Still, it’s an amazing idea
Would like to have seen how to save a snapshot of a non-disposable Qube for use as a disposable Qube. Also installation of additional command-line software (development environments, etc.) in Qubes.
5:58 Looks like you didn't quite go with the defaults. You can see the tick appear on the "... updates over Tor ..." option. Perhaps you double clicked where only a single click was needed. ;) Anyway, nice video Chris.
Interesting OS a multi implementation VM system its all sandboxed and secured on its own box .something that smells bad gets the toughest box thanks for the look around this OS professor Christopher.
Secure environment for things you have to keep secure, but things you want to keep, I think I would always backup in the most reliable and simple way possible. It would be a bad thing if you had multiple need if media locked so you could never get it back. there are cases when you may need good security and this seems to be a pretty good way of doing it.
Interesting video and interesting OS!! I will have a look at it and run it in a VM, I will have to allow nesting of that VM in Virtualbox :). I already use a comparable approach, I run all my "work" in Virtualbox Virtual Machines on top of a minimal install of Ubuntu 20.04 LTS. With the exception of 1 VM (for my communication activities), all other VMs and the Host have their firewall closed for inbound traffic. My "banking" VM is encrypted by Virtualbox. I have the following set of main VMs: - Xubuntu 20.04 for the communication (email, torrents, WhatsApp and KDE-Connect); - Ubuntu Mate 20.04 exclusively for Banking and PayPal; - Ubuntu Studio for Multimedia (family videos; photos, music); - Ubuntu 20.04 for try outs (Linux games using VBox 3D acceleration; DOSBOX + Wolfenstein-3D and any new Apps I like to try) ; - Ubuntu 21.04 to keep an eye on QEMU/KVM developments and the nesting of VMs :) - Windows 10 Pro for typical Windows stuff, used infrequently. Most Linux VMs boot in ~10 seconds, while the Xubuntu VM only needs ~6 seconds and the Ubuntu VM itself ~13 seconds. Xubuntu (communication) is started directly after I boot the Host. Each OS runs in full screen on its own workspace with Right-CTRL and Super-Key + Page UP/Down you can move between VMs. My hardware is a Ryzen 3 2200G, 16 GB (3000 MHz) and a 512 GB Silicon Power nvme-SSD (TLC 3200/2300 MB/s) and 2 HDDs. Ubuntu the Host boots from and runs ZFS with a memory cache of max 4 GB. Memory cache and disks are all lz4 compressed with for VMs a 1.8 compression ratio, which improves the effective sizes of cache, SSD and HDDs and it reduces the number of disk IOs needed for e.g. booting or loading e.g. Firefox.
Kinda reminds me of Bromium which got acquired by HPE last year. Of course, Qubes goes a bit further by taking privacy onto account with Tor, so that's nice, and it's also open-source.
Excellent video! Have you checked out any Qubes support forums? Are the members helpful? I was planning on installing MX Linux. Their forum is very good. But with this video, now you have me second guessing whether or not I should do so, or if I should, instead, go with Qubes. It seems like Qubes is acting like a hypervisor, and managing your various Qubes/compartments (which, if I understand, are sort of like virtual guest machines). I suspect that this is problematic for gaming. Do you know if games are going to be a problem? This video covered all kinds of advantages for the OS. Have you discovered any drawbacks? Please consider that my questions are all based on having exceeded all hardware requirements. Thank you.
Thanks for this. Linux Mint is a great OS (though note that version 20 comes along next month) and my daily Linux driver. Gaming would be problematic I think in Qubes OS -- it is not an OS for graphics-heavy stuff. I've not spent time in the Qubes OS forum, but their documentation is excellent.
I originally found this channel while browsing without an account and just now remembered I didnt subscribe. Now I get to catch up from the past month or so!
Hi Chris, Perhaps have a look at Ventoy sometime - it installs once to a USB stick - then you can copy multiple ISOs to the second partition it creates. Select the image from Ventoy's boot menu and it starts up as usual. Very handy for situations like this - just throw the ISO on to your Ventoy stick instead of having to find a spare drive. Also saves from having multiple drives for frequently used images. I've been trying it out with Linux Mint, CloneZilla, UBCD, FreeDOS and a few Windows 10 installers - all working OK so far.
@@SmedleyButler1 funny enough...it's not for me I guess cause sometimes it's hard to use but the other times it's easy idk but it's still good nonetheless
Christopher, You are a genius. But, I already knew that. I thought I should repeat that fact here, so that others will realize same. WE LUV EC!! Keep up the excellent videos! Your friend in Oregon, USA. /s/ Paul p.s. Is this anything like the Chicago CUBes? (Dodger fan here!)
Chris might I suggest using Stellarium as one of your test programs. It's multi platform, exercises the graphics capability, looks great and we could take a ride to a distant object in space rather than the a boring word processor with Hello on the screen.
Bonjour Chris, Yet another informative subject. I tried Cube OS a few months ago and found it very slow using an i3 Intel processor. I was impressed that you chose to use an x86 SBC to demonstrate the OS. From the looks of things, the product usability, especially the performance, improved considerably. I will revisit the OS using my new Ryzen 3200 build.
I do remember that PC, and used it for many years. An Intel Atom Mini-ITX board with 2GB of RAM! :) Thanks for watching all of these years. Maybe I should go back to that board and see what it would run today.
ExplainingComputers Wow! Thanks for the reply! I used to watch this channel from a different Google Account which I probably lost the password heh. But, you really helped me learn much stuff about Systems. You convinced me to get a Raspberry PI. And more.... wow. Memories ain't it? Also, could you try installing Damn Small Linux into the 2GB ram machine? :) that would work well haha!
Cubes OS is a pretty good idea. Interesting its built on Xen with all its CLI bits hidden behind a nice gui. I wonder if you can set it up so cubes start automatically without loging in or unlocking the shared encrypted disk? The former should be possible but the latter is a problem because presumably the directories responsible for booting XEN and also the virtual machines you may want to run on start up are encrypted too. Thanks Chris. It takes a lot of work to describe and show such a complex system. I really appreciate your efforts.
If you use the KDE desktop, you can enable auto login. Then the user pass is only good for unlocking the screen. LUKS can unlock from a keyfile, but you would need to store that somewhere in plain text, usually on a thumb drive. Unless you have multiple usb controllers, this means giving dom0 usb access, at least till it boots and the usbvm can take over. It could give an attacker a potential entry point, but in some cases, like when you might be watched, its better than visibly typing your drive key. usb access can be filtered, but you'd have to set this up on your own. qubes doesn't provide a way. it wont stop you either.
Thanks, Mr. Chris. I have been reading about this OS already. Never thought you would make a video about it, let alone entering the secure computing domain.
The U.S: intelligence community and your own government as part of the Five Eyes alliance, are against this as they are enemies of privacy and secure civilian communications.
Not only you are the best, now you are also the bravest teacher. Thank you very much.
Using that OS would probably expand the minds of most computer users.
:)
I'm so grateful to you for introducing Qubes to the wider audience. I believe we need more privacy and security tools for wide population more than ever now. Qubes is so innovative and helpful.
The real question is why we didn't get something like this twenty years ago. Forty years ago, the answer was simple: No personal computer networking, and not nearly enough memory. Thirty years ago: still not quite enough memory and personal computer networking was mostly limited to BBSs. Twenty years ago, when the Internet was taking off and the first few generations of viruses and malware were infecting Grandmom's computer and she had no idea why it was slowing down so she just lived with it, this is exactly the sort of thing that was needed.
@Din Ding my grandma prefers to use tails when purchasing her medicine
17 years ago there were options. I used to clone a usermodelinux image that parsed /proc/cmdline in rc.local for hostname, ipaddress etc. then theres xnest (and xephyr) for a kinda naive gui isolation. ironcally, the one app hard to isolate was the browser. vmware was pretty common, but obviously took more resources. good for that browser.
before qubes, i knew others who virtualized their desktops too. we all just wrote our own way. by then i was using virtualbox with ansible and packer. some did similar with virtualbox. and of course, theres vagrant, the 2nd easiest way.
@@raymundoo2879 your grandma must be always high
One can not become sad when a new video from Explaining Computers arrives in the inbox. Thanks for the good introduction on Qubes
I like the way Christopher explain!!!
I found your channel when I was looking for things to do with my Raspberry Pi, but I like that your channel varies from week to week. Sometimes it's hardware, sometimes software. Thanks.
I try to keep a mix of content -- SBC generally every other week -- including a Raspberry Pi video next week. Thanks for watching. :)
You pick the best topics from extremely wide ranges of technology... it seems like whenever I find some new gadget or software that is interesting you have already done a video on it
This is a great idea for an operating system. On the occasion when I have a file I'm not quite sure about, I sometimes use an old laptop as my 'virtual' machine to open it. I can see where Qubes would be very handy indeed. Thanks for another great video! On an unrelated note, yesterday my Odroid XU4 arrived. My wife was in the room when I said 'not to worry, Mr. Sicissors will get us in'. Her look was priceless!
:)
There are a number of sandbox programs you could use for your purposes, which are essentially disposable isolated segments of your native OS.
@@FlyboyHelosim I tried that but my cats used it too... it didn't turn out well.
I haven't used Qubes in years. Joanna is a brilliant developer! Thanks for bringing attention to such an undervalued privacy tool! At first, I thought you were running this on ARM SBC and was very intrigued. But you are brave for submitting a Celeron to all this workload.
She is indeed brilliant, but unfortunately she hasn't been working on Qubes OS for a while: www.qubes-os.org/news/2018/10/25/thank-you-joanna/
I Started Watching Your Video But Got Off On The Hardware So Much, I Had To Go Watch (Like & Comment) Your Video From April Featuring The Board Itself. You Sir Will Always Rock!
Thanks for watching both videos! :)
Looks like a user friendly combination of Jails+Bhyve on FreeBSD.... very nice indeed!
Thank you Christopher, you manage to educate & entertain in equal measure....very much appreciated...
I gave Qubes a run roughly 6 years back now and just couldn't come to grips with it at the time - thanks heaps for this great explanation Chris... might be time for another spin round the block with this 👌
Let's go and take a ..............closer look. And relax
:)
Chris is like the Bob Ross of tech talk........ :)
@@buggerlugz6753 true, but without that crazy haircut
@@buggerlugz6753 - I let out a good laugh at this, but it's true.
We are guests of the most chill tech talk voice in the land, when many are overly brash in their delivery, and we get you sit back and relax.
I love the consistent format of this channel's videos.
As usual you give us valid and brilliant information. I just started with Qubes OS two days ago, after i found a laptop that could run it. Just took me 1½ years of waiting. And I was wondering how to install like Libress in Qubes OS. Because i could not get access to the internet. But you show us how, so now i gratefully can continue my new quest with Qubes OS. I hope you will make more stuff about Qubes OS.
Enjoy your journey and experimentation!
I am blown away - that OS is absolutely amazing. Thanks, as always Chris!
It seems your reaction to Qubes OS is the same as mine.
I have just watched an excellent and informative video on an OS that I will never use!
Well done Chris...
WOW! Extremely interesting video Chris. Fastest 17 minutes I've spent in quite some time. Well Done. Thanks.
Very interesting. There are a lot of features provided by the CPU vendors that are included so that wise system programmers can lock things down. This OS takes advantage of some of these arrangements. I am interested in learning more :-)
It is such a cool operating system, it should be renamed “Ice Qubes”. Looking forward to your next video!
Frozen
Dear lord.
Good one Perry!
@@dadadaddyoo
Ice cubes LOL
The concept is great! No need to use Vmware/Virtualbox to operate multiple OS in one machine.
Excellent introduction to Qubes OS.
Only watching it now as I am new to the channel.
Clearly there is security value in separating different tasks in
different virtual machines. But attack vectors will still exist.
The cross-cube copy mechanism being a case in point.
The Windows sandbox could be used in a somewhat "similar" way.
But already people are discussing how to hack it.
Cross VM hacking is not unknown.
Just got the notification, and here I am. Can't miss a moment.
Qubes is an amazing OS for someone wanting virtual system environment.
Agree!
And who (of non-hacker, non-sysadm, non-seo-spammer) can that be? ;)
I've watched a few videos on this OS, and found yours to be the best tutorial, and presentation. Thanks as always!
Will I use this? Likely not but fascinating nonetheless. Perhaps more important for me is the relaxing interlude I get every Sunday morning, so valuable during these times. Thanks Chris!
I've known Qubes OS from the first release and I can say it the most secure OS I can think of. Great desktop OS.
I don't think Tails or Whonix are more secure. They all have their own use-cases. Kodachi is probably the most secure after Qubes.
Anything running on a closed source RISC Intel chip is not secure.
@HaloBaller9813 Whonix is embedded in Qubes. Depending on your threat model OpenBSD is more secure for some.
I enjoy learning from this channel your videos are very well thought out and flow nicely so staying tuned is easy.
We use this pretty exclusively to maintain our client's networks, nice to see a video about it!
Great to hear.
Excellent - somewhat familiar with Linux and seeking security and privacy but couldn't make head nor tail of Qubes until your video - thank you!
You definitely need to explore this thing more by testing out a windows template and by doing some performance tests with stuff running on native operating systems vs their virtualized variants.
Speed difference is negligible - you'll obviously have multiple OSes competing for CPU and RAM if you run 2 or more at once, but unless they're doing background tasks (updates for example), it'll be no different to running the apps you have up front on one single OS.
Thank you, Chris. Great job. Your videos are always worth the time to watch. I learn something every time.
Thanks for your kind feedback, appreciated.
Fascinating...I loaded to a dell E7240 ultra-book which has a 512gb msata drive and 8gb of memory and it seems to be quite happy. I did have to fiddle a bit with usb drivers but well worth the effort...connected to my wifi without fuss but much faster via Ethernet and the UI is very pleasing to navigate...Thanks 👍 !
Sounds like you are having fun experimenting! :)
As the computing power available to us supersedes our ability to even make effective use of it the majority of the time, an operating system like this that puts virtual machines front an center of everything becomes more than just a grand security experiment, but entire in-home mainframes could be possible that could be running any operating system ever.
The ease by which a person with one, big, powerful machine that they maintain and upgrade can provide sandboxed computing environments for an entire household with just a few clicks excites me more than the security implications.
Everything else is networked dumb terminals. Most people won't WANT to do that, but .. I do. Something about that idea just excites me a lot.
Deffo looks like one for a test drive and possibly much more.
Thanks for that!
OK, I always enjoy your videos, but this one has me more animated than usual on a Monday morning!
Another clear, interesting and well structured video. Thanks, Chris
What an interesting and novel approach to an OS. Based up the video, its seems that the user really needs to choose a specific template to serve as the basis of all of their qubes. Otherwise, the user would need download and install apps for each of the templates, taking time and storage space. Thanks for an outstanding video both in terms of the introducing the Qubes OS to the community and the excellent productin values you bring to each of your videos. Keep up the excellent work.
Yes, you are right, basing all qubes on one template would save space and multiple software installs. But you may also want different software in different qubes.
An excellent video, as usual . I'd never before heard of Qubes OS. What a fascinating concept!
I don't care where I placed in the comments, I enjoy your videos on Sunday mornings with my coffee and breakfast :)
I’m impressed Prof, this is the ultimate sand boxing of apps on one system. I like it.
Hi Chris. Just want to thank you for your great in depth technical videos. I used to watch Twit TVs Screensavers way back when it was very technical but they transitioned to just talking about phones and of coarse the show is now gone. Hope to keep seeing more of your great videos for a long time to come! Thanks again!
Very interesting. I have been doing something similar with both physical and virtual machines for years. Curious about high level security and also concerned about the single point of failure. Then again most people don't have a Windows domain in their house like I do.
Love your stuff and love your style. I teach IT professionals and usually find some cool nuggets in your videos. I will admit, though, that one of my pet peeves is folks pressing Apply then Okay. That's redundant. Apply saves your changes but leaves the dialog open so that you can make more changes. Okay saves your changes and closes the box. No need to do both.
I am well aware of this. But this is a video, and getting everything perfect in a single take is extremely difficult. This video was recorded over 4 days (168GB of data grabs), and most takes were done at least 10 times, with considerable reset in between. As soon as I clicked on "Apply" I went "damn" in my head, but there I'd done it. So I left in the two clicks on "Apply" and then "OK". Remember this is a video -- it is not real life! :)
Quite interesting. Not something that I can see myself using. But, a very informative video as usual. Well done, Sir!
Nice coincidence. I just was looking into this this week. The inventor is a very smart woman, Joanna Rutkowska, and she is definitely looking out for us. I trust her. Which is saying a lot. And the OS seems to have thought of everything, including obscure things.
Wow !
This OS is something else isn't it.
Great video as usual .
Thanks EC.
It sure is! Qubes OS actually does something different. And it actually works too! :)
That is indeed the best OS innovation i have seen in a long time. Thank you.
Thinking about it more; I'm running win10 and Mac Mohave on an Intel i7 with the OracleVM. If I were to upgrade, would you recomend an i9 or the threadripper from AMD?
I do love the virtualisation of this OS and the ability to assign things like networking to one VM and not the other.
Would allow me to, finally, get control over the OS back. And still be able to fall back on my windows developer software dependancy.
Highest regards, Machiel.
Thanks for this. The Intel/AMD call at the high end remains a difficult one. Personally I'd go Intel.
Amazing. They need a tester to see how your system will perform with this OS.
It is interesting to see Xen used in the workstation / client arena, I suppose it only makes sense and yes very nice wrappers around the xen tools to create dom U's via templates which is very similar to the text only templates for server grade installations.
Haven put this on lower grade hardware the demo here just goes to show how robust / mature the XEN VM archetecture is and should be a testiment to it being the best solution for any VM requirement. Linux has a number of VM options those being XEN , VMWare , QEMU , VirtualBox , KVM each has its pro's and con's and use case.
This was a good overview of a good use case for Xen.
Good to follow-up with a video on the Windows "Sandbox" feature.
yeah it was really funny how that was just brushed over
Thanks for presenting this. I've heard about the OS before, but I didn't give much thought into it as I didn't know all of it's use. As usual, you have broken it down into very clear and concise concepts.
Thanks Leslie, hope all is well with you.
That's pretty amazing. My PC probably can't run it, but the next I build might be a qubes machine.
I know of Qubes because Snowden mentioned it in an interview. He uses it. He probably even gave the Devs feedback on it.
Its a very interesting indeed
@Agnish Roy Something purchased in Russia I'd suggest
@Agnish Roy he is running dell laptop if i'm not mistaken. the one with hardware switch for webcam, microphone and connectivity (bluetooth, WiFi, etc).
one thing we all know that whatever it is, he is using ethernet and his own router. even he is using Ethernet with his phone.
I really appreciate the time you take editing. Nice video
Nice looking OS and vid, I just realised theres a merchandise page :) brilliant, can't wait for my first Sunday cuppa tea with Mr Scissors..
Brilliant as usual
Thanks!
Very interesting concept for an OS. Thank you for this great introductory video about it.
I use Qubes as my main OS and can't live without it.
Cool. I am tempted to become a daily user! :)
@@ExplainingComputers the thing that blows my mind is that I can have separate VMs for installing malwares like Zoom. I made one specifically for that and since it uses the template as the root disk, it only consumes the space that zoom consumes in disk
@@geekionizado That is indeed very clever and very useful. Anything you "need" to install that may problematic, you just chuck it into its own Qube. Very handy.
@ExplainingComputers Qubes is really great if you need maximum control over security and your applications but the hardware requirements make it more demanding. This is why I also like Fedora Silverblue. The OS itself is immutable but you can add applications in three different ways: flatpaks, containers (toolbox) and layers (rpm-ostree). Toolbox is really convenient for trying out apps and its dependencies or separating conflicting requirements. If you decide you don’t want to keep it just delete the container. Also major OS upgrades are a non-event and rollback is just as easy.
Afternoon sir. Hope you're doing well and keeping safe!
I am doing OK. I hope that you are too!
@@ExplainingComputers Glad you're doing well. Besides being very bored during my free time and being stuck on MS Teams during work, I'm fine thanks!
Interesting concept. Software companies like Microsoft and Apple that use proprietary OS's would be challenged to adapt to such technology. With so many flavors of OS's available, the eventual necessity of a standard OS such as Qubes may end up being promoted by hardware manufacturers!
This is quite a neat OS. I think I might convert one of my systems to this for testing untrusted websites. I like it.
Thank you, Chris. Great presentation! I, too, am impressed with Qubes thanks to your excellent introduction. I will download 4.0.3 and play with it myself. I have heard of it before but never really looked at it until now... and I can see it really is impressive! *Can I suggest a part II to this?* Could you demonstrate a Windows Template? I would like to see you install that template and make a Windows Qube and add some common applications like say Office or even just Word? If you choose to do so, could you also pick higher-end hardware to demo on? The Odyssey X86J4105 was good for this exercise but adding a new Windows Template I think will require say a 16 GB System with a fast M2 drive and a modern i9 Intel or 39XX AMD processor?
Chris, I agree with Greg wholeheartedly. I think a part two with Windows in the Work Cube Slot would be neat. Please consider extending your dive into Quebs to include any other interesting things you discover. What is the possibility of doing a daily driver test ? A week Qubes? Is there software that you use currently that won't work in this environment? It would be an interesting test.
Part 2 goooood
Thank you for another very informative and potentially useful video and OS solution scheme. Virtual operating systems have long been touted for their benefits for security, but I've never heard an adequate explanation about how to prevent the virtual machine layer itself from being compromised. If that happens, especially without detection, the keys to the entire kingdom are lost. In fact, I'm completely sure the usual suspects are working very hard to make that happen, if they haven't already succeeded. We've added all manner of security mechanisms and protocols to the traditional layers, but what security provisions are designed and built into the virtual layer that might give us assurance? Yes, I know Qubes is an "open source" system, but I don't believe that is sufficient, anymore than it is for any other open source product.
Very interesting. It would be nice to understand any performance penalties imposed by this additional security.
Tips: If you use "dnf" to install program. You don't need to "turn on network" on template qubes.
Also fedora 32 is released. That's mean Fedora 30 will get EOL soon. Consider switch to fedora 32 template VM
You can follow TemplateVMs form QubesOS User Documentation for more information
Thanks for this. :)
A very ambitious project.
Excellent video!
The only thing I would add is you should never set a root password at install. It's more secure to only access root through 'sudo', and this is the default implementation in most popular distros such as Ubuntu.
Sound advice.
@@trtrhr On Qubes there is no sudo password.
Listening this Sir, I learn English language also. He is perfect !!!
Here’s an English lesson of how to say what I think you meant in your comment: listening to this, or: listening to you, or: listening to this video, I am learning English, as well as how to use the Qubes operating system (OS), which is perfect because I am learning both at once!
Alright... this OS is pretty slick. I thought at first the separate virtual machines were only limited to 4 at a time because of those squares at the top, I didn't expect that to represent 4 individual desktops.
Very useful and informative video. 9/10 - had Mr Scissors arrived it would have been a 10! Many thanks for producing your videos, they are always excellent. Is Ubuntu an option at install?
Ubuntu is not an option at install as I recall.
@@ExplainingComputers Thanks
I like to mess with Qubes OS, I absolutely like the idea of having all separated in small virtual ‘qubes’. Brilliant. 👌🏻
Hello Chris.
Excellent video. 👌🏻
I hope you are well and safe.
Hello Elvira! I might have guessed you'd be in to Qubes OS. I am doing fine, and hope that you are too in this strange, strange world.
Great video for a cold, quiet sunday.
Hi Chris,
Nice Sunday afternoon tech mood created by you on weekly basis :)
Indeed those days is a good choice to protect yourself; socially, biologically and digitally as well...
I am using virtual machines for quite a while but the devs of this OS is having a different yet interesting approach. For a nubie like me is similar with Docker but with a desktop environment.
By the way, are you planing a video about Docker ?
And also I noticed you "switched" from Mint to Ubuntu ;)
Docker is indeed something I really must cover at some point! :) I thought that I would shock people by running Ubuntu . . .
Good video. The Odyssey x86 is certainly a powerful SBC. It would be great to see a video that went more in depth to the Odyssey x86's compatibility with Qubes OS. Where subjects like Qubes Air and Qubes Odyssey and Split GPG are talked about
Glad to see qubes getting some press!
1. when installing, you dont need to make a root password. just a disk and user pass. dom0,the controlling vm, is already root.
2. when adding software to a template, dont enable networking! its off to protect the template. theres already a proxy, by default running from sys-firewall, for software installs. you can turn it off, for example, for software downloaders.
3. the fedora-30 templates are no longer supported. update to fedora-31 or fedora-32, which should be out by the time you read this.
4. you can customize and have multiple dispvm templates since qubes-4. for example, you can add noscript and a malware blocker to firefox in a dispvm template, maybe make that your default, and keep another dispvm untouched for other uses.
Thanks for this. I set up the root password because I generally would! :) On networking, I realised it was off on the template to protect it, and did turn it off again after the installs as I noted in the video. I tried to install software without turning networking on for the template and it did not work (the installer did not populate). So after many attempts (I did numerous installs and setups over three days), I tried turning on networking for template and it worked! :) Seems like I missed something. My bad.
@@ExplainingComputers That sounds like an odd bug. Do you remember, or do you have the error it gave? as long as sys-firewall and sys-net are running, they should work. I havent used the 4.0.3 installer, so maybe something there. hope its fixed now, but ill look for that one. glad you found a quick workaround. If your still using it and find any more bugs, please pester qubes-os on github.
p.s. Your presentation style is so clear, its inspiring! thanks again for putting this out.
Skimmed over Qubes' specs. I will be trying this OS just to see how well Qubes' version of TOR works. Being able to go onto the i(I)nternet without my IP exposed is a desirable feature of the OS. Chris, do you verify the downloads against the supplied signature file & PGP key file before installing the OS on your test rig? Thanks for this demo.
I did not verify -- I would for an in-use install. Note that the specs are very, very important (far more so than for most OS, which is why I covered them in some detail). Unless your PC meets the multiple hardware virtualization requirements, Qubes OS will not work. And if it does do not meet the recommended graphics requirements, you will have a lot of troubleshooting to do! :)
I’m very tempted to start using cubes. I like the concept of it, and it’s not too far from what i do now with arch. This doesn’t take care of all of ones security needs, but can really help out a lot. being careful with what cube one is using at any point is very important. Still, it’s an amazing idea
You can run Arch in Qubes. You will need at least 16 gigs of RAM tho.
Cool idea that seems pretty complex to set up but I'd imagine it'd be pretty easy to use once you got used to it.
Would like to have seen how to save a snapshot of a non-disposable Qube for use as a disposable Qube. Also installation of additional command-line software (development environments, etc.) in Qubes.
5:58 Looks like you didn't quite go with the defaults. You can see the tick appear on the "... updates over Tor ..." option. Perhaps you double clicked where only a single click was needed. ;)
Anyway, nice video Chris.
Interesting OS a multi implementation VM system its all sandboxed and secured on its own box .something that smells bad gets the toughest box thanks for the look around this OS professor Christopher.
Secure environment for things you have to keep secure, but things you want to keep, I think I would always backup in the most reliable and simple way possible. It would be a bad thing if you had multiple need if media locked so you could never get it back. there are cases when you may need good security and this seems to be a pretty good way of doing it.
Interesting video and interesting OS!! I will have a look at it and run it in a VM, I will have to allow nesting of that VM in Virtualbox :).
I already use a comparable approach, I run all my "work" in Virtualbox Virtual Machines on top of a minimal install of Ubuntu 20.04 LTS. With the exception of 1 VM (for my communication activities), all other VMs and the Host have their firewall closed for inbound traffic. My "banking" VM is encrypted by Virtualbox. I have the following set of main VMs:
- Xubuntu 20.04 for the communication (email, torrents, WhatsApp and KDE-Connect);
- Ubuntu Mate 20.04 exclusively for Banking and PayPal;
- Ubuntu Studio for Multimedia (family videos; photos, music);
- Ubuntu 20.04 for try outs (Linux games using VBox 3D acceleration; DOSBOX + Wolfenstein-3D and any new Apps I like to try) ;
- Ubuntu 21.04 to keep an eye on QEMU/KVM developments and the nesting of VMs :)
- Windows 10 Pro for typical Windows stuff, used infrequently.
Most Linux VMs boot in ~10 seconds, while the Xubuntu VM only needs ~6 seconds and the Ubuntu VM itself ~13 seconds. Xubuntu (communication) is started directly after I boot the Host. Each OS runs in full screen on its own workspace with Right-CTRL and Super-Key + Page UP/Down you can move between VMs.
My hardware is a Ryzen 3 2200G, 16 GB (3000 MHz) and a 512 GB Silicon Power nvme-SSD (TLC 3200/2300 MB/s) and 2 HDDs. Ubuntu the Host boots from and runs ZFS with a memory cache of max 4 GB. Memory cache and disks are all lz4 compressed with for VMs a 1.8 compression ratio, which improves the effective sizes of cache, SSD and HDDs and it reduces the number of disk IOs needed for e.g. booting or loading e.g. Firefox.
Kinda reminds me of Bromium which got acquired by HPE last year. Of course, Qubes goes a bit further by taking privacy onto account with Tor, so that's nice, and it's also open-source.
Excellent video!
Have you checked out any Qubes support forums?
Are the members helpful?
I was planning on installing MX Linux. Their forum is very good. But with this video, now you have me second guessing whether or not I should do so, or if I should, instead, go with Qubes.
It seems like Qubes is acting like a hypervisor, and managing your various Qubes/compartments (which, if I understand, are sort of like virtual guest machines).
I suspect that this is problematic for gaming. Do you know if games are going to be a problem?
This video covered all kinds of advantages for the OS.
Have you discovered any drawbacks?
Please consider that my questions are all based on having exceeded all hardware requirements.
Thank you.
Thanks for this. Linux Mint is a great OS (though note that version 20 comes along next month) and my daily Linux driver. Gaming would be problematic I think in Qubes OS -- it is not an OS for graphics-heavy stuff. I've not spent time in the Qubes OS forum, but their documentation is excellent.
I originally found this channel while browsing without an account and just now remembered I didnt subscribe. Now I get to catch up from the past month or so!
Hi Chris,
Perhaps have a look at Ventoy sometime - it installs once to a USB stick - then you can copy multiple ISOs to the second partition it creates. Select the image from Ventoy's boot menu and it starts up as usual. Very handy for situations like this - just throw the ISO on to your Ventoy stick instead of having to find a spare drive. Also saves from having multiple drives for frequently used images. I've been trying it out with Linux Mint, CloneZilla, UBCD, FreeDOS and a few Windows 10 installers - all working OK so far.
This I will take a look at -- thanks for the tip. :)
BTW i used cubeOS on my laptop and to be honest this is the best Security oriented system ever! then i switch to PopOS
Why did you switch then?
@@SmedleyButler1 funny enough...it's not for me I guess cause sometimes it's hard to use but the other times it's easy idk but it's still good nonetheless
Very nice.
Hoping we can see a review of Tails OS while we are on the subject of secure operating systems.
**fingers crossed**
On my list!
Christopher, You are a genius. But, I already knew that. I thought I should repeat that fact here, so that others will realize same. WE LUV EC!! Keep up the excellent videos! Your friend in Oregon, USA. /s/ Paul p.s. Is this anything like the Chicago CUBes? (Dodger fan here!)
Thanks for this Paul. :)
Thank you Chris for all your hard work!
Your the best! Love your videos.
I appreciate that!
Chris might I suggest using Stellarium as one of your test programs. It's multi platform, exercises the graphics capability, looks great and we could take a ride to a distant object in space rather than the a boring word processor with Hello on the screen.
I'll take a look. :)
6:41 I note that the time on the clock is 13:37. Which is, of course, the best time.
Excellent Chris, I will give QubeOS a try, thank you very much!!
Bonjour Chris, Yet another informative subject. I tried Cube OS a few months ago and found it very slow using an i3 Intel processor. I was impressed that you chose to use an x86 SBC to demonstrate the OS. From the looks of things, the product usability, especially the performance, improved considerably. I will revisit the OS using my new Ryzen 3200 build.
Remember your PC build with that 40GB SSD? And that small case? Back in 2014. I am from those ages....
I do remember that PC, and used it for many years. An Intel Atom Mini-ITX board with 2GB of RAM! :) Thanks for watching all of these years. Maybe I should go back to that board and see what it would run today.
ExplainingComputers
Wow! Thanks for the reply! I used to watch this channel from a different Google Account which I probably lost the password heh. But, you really helped me learn much stuff about Systems. You convinced me to get a Raspberry PI. And more.... wow. Memories ain't it?
Also, could you try installing Damn Small Linux into the 2GB ram machine? :) that would work well haha!
Cubes OS is a pretty good idea. Interesting its built on Xen with all its CLI bits hidden behind a nice gui. I wonder if you can set it up so cubes start automatically without loging in or unlocking the shared encrypted disk? The former should be possible but the latter is a problem because presumably the directories responsible for booting XEN and also the virtual machines you may want to run on start up are encrypted too.
Thanks Chris. It takes a lot of work to describe and show such a complex system. I really appreciate your efforts.
Thanks for this. :)
If you use the KDE desktop, you can enable auto login. Then the user pass is only good for unlocking the screen. LUKS can unlock from a keyfile, but you would need to store that somewhere in plain text, usually on a thumb drive. Unless you have multiple usb controllers, this means giving dom0 usb access, at least till it boots and the usbvm can take over. It could give an attacker a potential entry point, but in some cases, like when you might be watched, its better than visibly typing your drive key. usb access can be filtered, but you'd have to set this up on your own. qubes doesn't provide a way. it wont stop you either.
Thank you Mr. Sissors, it's a brillant video 👍👍👍
Well made video. Very interesting. The moment you said it used Xen. I was on board.
That was an awesome summary on a very complicated system. Thank you!
That's the coolest thing I've seen in a while.
:)