I'm just a user, though I have a small list of enhancements I want to make. The project is not actively documenting use cases, although people do discuss them on the mailing list. There is enough corporate and institutional interest in Qubes to have made the integration of Salt necessary.
Someone is already trying to get Mirage working with Qubes. Check out the dev mailing list.
Your UI ideas are interesting. Qubes' UI is already pretty special though. Its a great foundation for accurately portraying what's going on inside the system.
Qubes 3.1 already has some of the 'USB allocation' capability you mention: This release can pass through a USB mouse from a USB VM to the rest of the system... this means that an infected mouse cannot masquerade as a keyboard and start entering malicious commands, for example.
Qubes currently only runs on 64bit x86 CPUs, preferably with IOMMU support. ARM is not yet supported, however the Odyssey framework is designed to allow switching-out the hypervisor or hardware platforms, so it could be made to work.
Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.
OK, I'll bite... Yes, you probably could run Fallout 4 on Qubes IF you installed an additional graphics card on the system and assigned its PCI device to the VM were you installed the game. Qubes cannot yet virtualize 3d GPU access, so VMs either have to go through the shared virtual 2d mode or have a whole (additional) graphics card assigned to them via the IOMMU.
Its also possible you could run the game in the privileged domain where it would have access to the GPU, but I'm not sure if taking that risk would be worth it.
There has been some experimentation with GPU virtualization, but progress has been slow on that front.
TFA is awkward, too... It waves away Signal's open source status because they think video is so much more important, going so far as to proclaim Wire "the best" on that basis. Lets also forget that Skype's original closed protocol (i.e. from same coder) was cracked.
You are the type of idiot who thinks -- that when any group or nation blazes a trail and shows a workable alternative to the world -- it "means nothing". That driving down the prices / upping the volume of the needed hardware is futile.
You are a bored white guy techie-bro who wants his culture -- still dominant in power and stature from emitting the lions share GHGs to date -- to assume a disposition of neglect waiting for "some type of event that kills 75% of the world's population."
That is some fantasy YOU have, to think we in the west are suckers and that developing countries care any less about having planet they live on screwed up.
The rag with Chelsea Clinton on its board gets a review of its political coverage (very negative against Bernie Sanders -- surprise!) https://www.youtube.com/watch?...
A "much better PC" that comes with malware out of the box and slows down after a year of use, and can't even play a DVD without an add-on that usually has some hideous marketing gimmick built in to bamboozle an over-50 user into opening their wallet.
People doing payroll on a LAN practically do not matter. People sharing windows in teleconferences outnumber them by several orders of magnitude, and people use Windows and Macs for that type of use case. You may not know that MS and Apple got into a brief escalation/competition around 2000 over desktop conferencing, and in the process leapfrogged X network transparency considerably.
X cannot share a window with 10 or 20 people efficiently. Linux users reach for VNC for that use case, and it is an inefficient throwback... nothing more than a bitmap-tosser.
This did happen. It was called NX, made X really fly over Internet connections and added features like window-sharing.
The main X projects (Xfree86 and Xorg) turned their noses up at it.
It was excellent and good enough for me to use it for years. But eventually the writing was on the wall.... If NX features (and the use cases that gave rise to them) were not mainstreamed into X and *nix development, the conferencing apps would not appear. So Windows and OS X with their circa-2000s version of network transparency -- instead of the naive 1980s version X uses -- rule the roost.
Xorg network transparency is overrated. They never absorbed the advances made by the NX project, for one, meaning that X requires a LAN or similar very low latency connection to work well. The other problem is that transparency has been set in stone for a very long time, and competitors (WindowsNT and OS X specifically) leapfrogged X's net features by a mile in the early 2000s. That's why window-sharing and conferencing apps are plentiful on those platforms but very scarce on Linux -- actually, there is NO good screen-conferencing app for X, as X tends to rely on VNC for multiply-shared windows and VNC is stuck inefficiently tossing around bitmap deltas.
I also came to this thread to say that fedora sucks, and anything GUI and desktop-related that's driven by Red Hat server priests is bound to fail. The FOSS community needs to stop looking to Red Hat for desktop features. Their people drive a lot of Gnome development, and they even managed to make the KDE4 suckage look decent in comparison. Their people and mentality are also a big reason why Google had to/fight/ with kernel devs to get necessary features for Android added to the kernel.
X has 'NX' as a low-bandwidth add on that competes well with RDP. But its clunky to install and administer, and the main X projects ignored it because the original 1980s X network transparency is just so utterly perfect (chatty, high-bandwidth, no ability to broadcast or share windows).
Problem is, their test site doesn't seem to recognize openvpn... claims these sites don't use openvpn.
It may also be possible that -- since the PIA domains I gave it likely support protocols other than openvpn -- their tool saw something else on another port and stopped concluded "SSL/TLS not supported".
So far, it seems like a junk study to me which is too bad.... I would have liked some accurate feedback about VPN services I'm interested in (including the service that/. is pushing).
I'm typing VPN domains into their testing tool and its telling me "This site doesn't support SSL/TLS".
Last time I checked, most VPNs based on openvpn use TLS, like the ones I tried. My VPN config for privateinternetaccess.com requires "tls-client" directive and it uses a certificate to validate the server.
So I don't know what this article is talking about. If openvpn (which uses TLS) is too 'different' a protocol for their tools to examine, then there is something very wrong with the study its based on.
Yes, Gillard was for the TPP, but the carbon tax is the main reason why the Murdoch empire came out against Labor. The oligarchs are very picky these days: They want total loyalty to their version of capitalism on all the issues.
You should re-name your country to Murdochville. His declared 'war against labor' (and lions share of the news media) is the reason why Australian politics looks the way it does in 2016.
When I pressed the update icon in my toolbar (linux mint 17) I got a strange alert saying "cannot verify that the software is what it is supposed to be" (can't recall the exact wording, but everything I have read here and elsewhere said to me "don't install stuff you don't trust and can't verify"
So, I clicked cancel. The updates were fishy, even though they were through a legitimate source, but who knows when that source could get hacked?
Thanks slashdot for all the paranoia over security for the past 15 years, it's paid off, just last night.:) Cheers!
To all the jerks that say I have a tinfoil hat, have fun with your viruses!
That's exactly what you were supposed to do! And its properly called precaution, not paranoia.
but the other question is, were users verifying the md5/sha1 checksums on the ISO images? how would they do that (when usually they will be downloading a check-program from the same website)? would they *know* to verify the checksums?
Slashdot Mirror
XFCE is an install option.
I'm just a user, though I have a small list of enhancements I want to make. The project is not actively documenting use cases, although people do discuss them on the mailing list. There is enough corporate and institutional interest in Qubes to have made the integration of Salt necessary.
Someone is already trying to get Mirage working with Qubes. Check out the dev mailing list.
Your UI ideas are interesting. Qubes' UI is already pretty special though. Its a great foundation for accurately portraying what's going on inside the system.
Qubes 3.1 already has some of the 'USB allocation' capability you mention: This release can pass through a USB mouse from a USB VM to the rest of the system... this means that an infected mouse cannot masquerade as a keyboard and start entering malicious commands, for example.
You're OK too, for a corrupt ex-Pope :P
Qubes currently only runs on 64bit x86 CPUs, preferably with IOMMU support. ARM is not yet supported, however the Odyssey framework is designed to allow switching-out the hypervisor or hardware platforms, so it could be made to work.
Also, a big reason why Qubes runs x86 is that it was envisioned as a way to run Windows and closed-source apps safely under the control of a FOSS hypervisor and virtualized hardware.
OK, I'll bite... Yes, you probably could run Fallout 4 on Qubes IF you installed an additional graphics card on the system and assigned its PCI device to the VM were you installed the game. Qubes cannot yet virtualize 3d GPU access, so VMs either have to go through the shared virtual 2d mode or have a whole (additional) graphics card assigned to them via the IOMMU.
Its also possible you could run the game in the privileged domain where it would have access to the GPU, but I'm not sure if taking that risk would be worth it.
There has been some experimentation with GPU virtualization, but progress has been slow on that front.
From the OP, it is a secure desktop OS.
TFA is awkward, too... It waves away Signal's open source status because they think video is so much more important, going so far as to proclaim Wire "the best" on that basis. Lets also forget that Skype's original closed protocol (i.e. from same coder) was cracked.
Uh, no...
Wire appears to compete with Signal. And there are others, some of which the EFF has reviewed: https://www.eff.org/secure-mes...
You are the type of idiot who thinks -- that when any group or nation blazes a trail and shows a workable alternative to the world -- it "means nothing". That driving down the prices / upping the volume of the needed hardware is futile.
You are a bored white guy techie-bro who wants his culture -- still dominant in power and stature from emitting the lions share GHGs to date -- to assume a disposition of neglect waiting for "some type of event that kills 75% of the world's population."
That is some fantasy YOU have, to think we in the west are suckers and that developing countries care any less about having planet they live on screwed up.
Screw you and the pigs you rode in with.
As for .Net adoption, I wouldn't trust a company that extorts royalties from Android devices on patents it refuses to disclose publicly.
Patent revenues from Android devices are a big deal to MS... http://www.thewindowsclub.com/...
This theme about MS being "Open Source Happy" is dubious at best (no surprise it comes via timothy).
The rag with Chelsea Clinton on its board gets a review of its political coverage (very negative against Bernie Sanders -- surprise!)
https://www.youtube.com/watch?...
A "much better PC" that comes with malware out of the box and slows down after a year of use, and can't even play a DVD without an add-on that usually has some hideous marketing gimmick built in to bamboozle an over-50 user into opening their wallet.
Haaaahahahaha!
People doing payroll on a LAN practically do not matter. People sharing windows in teleconferences outnumber them by several orders of magnitude, and people use Windows and Macs for that type of use case. You may not know that MS and Apple got into a brief escalation/competition around 2000 over desktop conferencing, and in the process leapfrogged X network transparency considerably.
X cannot share a window with 10 or 20 people efficiently. Linux users reach for VNC for that use case, and it is an inefficient throwback... nothing more than a bitmap-tosser.
This did happen. It was called NX, made X really fly over Internet connections and added features like window-sharing.
The main X projects (Xfree86 and Xorg) turned their noses up at it.
It was excellent and good enough for me to use it for years. But eventually the writing was on the wall.... If NX features (and the use cases that gave rise to them) were not mainstreamed into X and *nix development, the conferencing apps would not appear. So Windows and OS X with their circa-2000s version of network transparency -- instead of the naive 1980s version X uses -- rule the roost.
Oh and... fuck VNC!!!
Xorg network transparency is overrated. They never absorbed the advances made by the NX project, for one, meaning that X requires a LAN or similar very low latency connection to work well. The other problem is that transparency has been set in stone for a very long time, and competitors (WindowsNT and OS X specifically) leapfrogged X's net features by a mile in the early 2000s. That's why window-sharing and conferencing apps are plentiful on those platforms but very scarce on Linux -- actually, there is NO good screen-conferencing app for X, as X tends to rely on VNC for multiply-shared windows and VNC is stuck inefficiently tossing around bitmap deltas.
I also came to this thread to say that fedora sucks, and anything GUI and desktop-related that's driven by Red Hat server priests is bound to fail. The FOSS community needs to stop looking to Red Hat for desktop features. Their people drive a lot of Gnome development, and they even managed to make the KDE4 suckage look decent in comparison. Their people and mentality are also a big reason why Google had to /fight/ with kernel devs to get necessary features for Android added to the kernel.
X has 'NX' as a low-bandwidth add on that competes well with RDP. But its clunky to install and administer, and the main X projects ignored it because the original 1980s X network transparency is just so utterly perfect (chatty, high-bandwidth, no ability to broadcast or share windows).
Correction: "... claims these sites don't support TLS." Sorry.
Problem is, their test site doesn't seem to recognize openvpn... claims these sites don't use openvpn.
It may also be possible that -- since the PIA domains I gave it likely support protocols other than openvpn -- their tool saw something else on another port and stopped concluded "SSL/TLS not supported".
So far, it seems like a junk study to me which is too bad.... I would have liked some accurate feedback about VPN services I'm interested in (including the service that /. is pushing).
I'm typing VPN domains into their testing tool and its telling me "This site doesn't support SSL/TLS".
Last time I checked, most VPNs based on openvpn use TLS, like the ones I tried. My VPN config for privateinternetaccess.com requires "tls-client" directive and it uses a certificate to validate the server.
So I don't know what this article is talking about. If openvpn (which uses TLS) is too 'different' a protocol for their tools to examine, then there is something very wrong with the study its based on.
Yes, Gillard was for the TPP, but the carbon tax is the main reason why the Murdoch empire came out against Labor. The oligarchs are very picky these days: They want total loyalty to their version of capitalism on all the issues.
You should re-name your country to Murdochville. His declared 'war against labor' (and lions share of the news media) is the reason why Australian politics looks the way it does in 2016.
Bluetooth is closed and poorly vetted. Do not count on it being secure.
When I pressed the update icon in my toolbar (linux mint 17) I got a strange alert saying "cannot verify that the software is what it is supposed to be" (can't recall the exact wording, but everything I have read here and elsewhere said to me "don't install stuff you don't trust and can't verify"
So, I clicked cancel. The updates were fishy, even though they were through a legitimate source, but who knows when that source could get hacked?
Thanks slashdot for all the paranoia over security for the past 15 years, it's paid off, just last night. :) Cheers!
To all the jerks that say I have a tinfoil hat, have fun with your viruses!
That's exactly what you were supposed to do! And its properly called precaution, not paranoia.
but the other question is, were users verifying the md5/sha1 checksums on the ISO images? how would they do that (when usually they will be downloading a check-program from the same website)? would they *know* to verify the checksums?
Seriously?? This is why public keys exist...