Slashdot Mirror


User: Burz

Burz's activity in the archive.

Stories: 0
Comments: 3,080

Comments · 3,080

  1. In an information age, tyranny of elites is worse because it tries to manufacture ignorance and information scarcity.

    The 'mob rule' concept assumes widespread ignorance and lack of access. In a society where education is practically universal, I don't think that applies. For most of the time I've been observing politics, it's the elites who have been demonstrating most of the stereotypical maladies associated with 'tyranny of the majority': tendencies toward burying information, turning privacy-transparency relationships in society upside-down, making hysteria and reaction an organizing principle. Corporate aristocrats have turned into the things they most warned us against; they are a pack of wolves.

    Every society with some claim on "democracy" should have the means to re-trench the level of democratic participation beyond some minimum standard... to find a way to balance itself on a year to year basis without having to undergo major convulsions.

    With that said, this is one of the sites that popularized the term "blackboxvoting" or BBV in the early 2000s. It became clear long ago that the current state of computing is not equipped to securely deal with high-stakes anonymous transactions; computers today should not be trusted with the vote beyond printing out physical ballots. Even open software cannot fix this problem, because it tends to ignore a lot of the exploitable, idiosyncratic behavior in firmware and hardware as well... the computing stacks are mostly un-auditable.

  2. Re:VPN on US Budget Bill Passes With CISA Surveillance Intact (npr.org) · · Score: 3, Informative

    PIA doesn't log IIRC, and they have good deals.

    Here is an email guide to start with (there are no ideally private email providers, but many are better than gmail). Riseup and ProtonMail look interesting.

    A note about using PGP email: This still leaves a trail that is rich in metadata (the who/when/where parts of the messages). Only the what is concealed, leaving much to be desired.

    More interesting are new messaging apps which the EFF has rated. I think Signal, Ostel+Jitsi and RetroShare look the most promising. Ring is a newcomer that uses OpenDHT and promises to be what Skype might have been.

    For just increasing privacy a couple notches while browsing, add the following extensions (Firefox): Privacy Badger, HTTPS Everywhere, Adblock Edge (not sure if AE is really needed with PB). Using a Firefox derivative like IceWeasel or PaleMoon won't likely include ad-based features that might compromise privacy (though Mozilla is said to have removed ads anyway).

    As for browsing with Tor, you cannot beat Qubes OS with the Whonix package. This will help you blend in more and prevent exploits over Tor from accessing any personal data. A system with IOMMU hardware and BIOS is recommended.

    After all these years, I2P is still progressing and growing. It marries technologies like onion routing and DHT and its 'I2P Bote' messenger may be the best in class, IMO. Of course, I2P is meant to route all kinds of traffic and even has bittorrent built-in. I'd also recommend running I2P in a Qubes domain, although it comes with TAILS if you're more comfortable booting with that.

  3. Re: the new slow dummies in the left lane on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    A rule that makes no sense during congestion, I might add. That means it's more of an exception than a rule in many places.

  4. Re:Qubes OS on Ask Slashdot: What's the Biggest Open Source Project of 2015? · · Score: 1

    Cryptography is useless without strong endpoint security, and Qubes offers the latter. As for UX, the launcher menus look awful (app links duplicated for each VM you create) but it gets better from there. The thing to remember is that Qubes UI is still under development, and it's getting better.

    I'm not sure why you think Qubes offers only a false sense of security. It does exactly the opposite of promising that any exposed apps or domains will remain secure; what's important is their strict isolation from each other.

  5. Re:Never even noticed it did this on Ubuntu 16.04 Will Not Send Local Searches Over the Web By Default · · Score: 1

    Unity only incorporates a couple mobile UI elements... The rest of the changes are riffing off of OS X and I think they do a pretty good job. The ample keyboard shortcuts (which are listed when you log in) are very PC and more specifically very Mac-like (Macs were never about chaining people to pointer inputs). The menus are similarly Mac-like, not like Android or iOS at all.

    A mistake they made with Unity was cutting the user off from being able to hierarchically discover the available programs and utilities. OS X supplies this naturally in the filesystem, but the Linux paradigm had no elegant way to mesh a "start menu" with an OS X style task bar.

  6. Re: I can't be true on Ubuntu 16.04 Will Not Send Local Searches Over the Web By Default · · Score: 4, Interesting

    Get over it. systemd won and syslog and stderr lost.

    Actually, this can't be emphasized enough. Systemd is one of the few architectural initiatives emanating from Red Hat's ken that actually improves the operation of desktop systems. There was SO much broken power management in Linux before Upstart and then systemd came along it was like a never-ending joke (which users felt was being played on _them_). As a proponent of desktop PCs (not just Linux-based) I see improvements from systemd all over the system.

    In many ways, Canonical is trying to pull the Linux desktop in the direction of OS X. That is not a bad thing as long as they understand that both Apple and MS have a lot of unexpressed rules about how to build and promote a consumer platform -- I think Canonical gets it and the rest absolutely do not. Their early move to ensure variations with alternate default DEs used different names was more important than many here probably realize. Their attention to hardware testing and certification was another thing they got (mostly) right. Assembling an SDK to attract new app developers was also a first-class move.

    Canonical's big mistake? Exactly what the OP refers to: Over-commercializing to the point where privacy seems compromised. I'm glad they finally recognized this error. Where they could improve is to remove the *dependence* on local search... OS X never removed the old means of finding apps, which is an important avenue for users to visually discover what is available on a system. Ubuntu needs a hierarchical launch menu back, but the reason they're floundering here is probably because they never duplicated OS X's system of app bundles -- would be awesome if they did.

  7. Qubes OS on Ask Slashdot: What's the Biggest Open Source Project of 2015? · · Score: 1

    Qubes is picking up momentum plus Edward Snowden, The Intercept and the European Parliament have given it kudos recently as an enhanced security environment. It now has special integration with Whonix, which keeps Tor sessions isolated within your system, and an implementation of splitGPG to keep private keys secure. They are due to release version 3.1 soon (the 3.0 release brought some big changes and laid the groundwork for a new, distributed development process).

  8. Re:Great news for free software and work locations on FBI: Just Don't Call Them Backdoors (networkworld.com) · · Score: 1

    Nowadays people are turning to apps like Signal and RetroShare. Another interesting option is Ostel. For browsing and other PC apps, running Tor on Whonix fits the bill.

  9. Re:Proprietary connectors on Lenovo ThinkPad Stack, a New Take On Modular Mobile Peripherals (hothardware.com) · · Score: 2

    Even if they're an open design: Why, exactly, do we need different ones? This looks like a typical attempt to drive sales based on a geek-fashion buzzword like "stacking".

  10. Re:Altering the GHG balance of the atmosphere on Paris Climate Change Talks Yield First Draft (theguardian.com) · · Score: 1

    IOW, scientific evidence is invalid if the conditions were not experienced directly, with day-by-day updates. It's just a lot of hand-waving "you don't know, you don't know..." over and over. But the amount of evidence supporting catastrophic AGW is staggering and growing constantly. You just can't stomach to read the science anymore, which is why all you've got is know-nothing blather.

    The fact that the oceans and biosphere take many thousands of years to absorb the volumes of CO2 we're talking about (and that warming lags behind emissions by decades) would seem to be lost. If you read leading paleoclimatologists like Peter Ward, you'll see that past oceanic chemistry and chronology is quite detectable and is being paid close attention.

    We don't actually know. We don't have evidence. We have salesmen yet again peddling a particular story.

    Like I said, a wall of denial and a shift from "evidence" to demands for absolute certainty (which also has nothing to do with science), this time referring to leading scientists (in a pure research field, no less) as "salesmen". I suppose the "salesmen" are also engaged in a conspiracy, and if Congress just harasses them one more time we'll finally find it.

    Gotta love it!

    You've given no reason to consider why the law of unintended consequences is more important for economics than it is for ecology. It's evident to me that (like modern medicine) ecology provides the reasons why some cheap-and-nasty technologies and practices are not allowed, and that the economy has to work with such limits.

  11. Re:Altering the GHG balance of the atmosphere on Paris Climate Change Talks Yield First Draft (theguardian.com) · · Score: 1

    So now it's not about weighing the evidence... it's shifted to "actually knowing". This is a confusionist tactic and has nothing to do with science.

  12. Um, what did they offer? on Mozilla Will Stop Developing and Selling Firefox OS Smartphones (techcrunch.com) · · Score: 3, Insightful

    The way I see it, there is plenty of room to improve security on mobile devices. Maybe there are some other goals that could be incorporated in "new and innovative" products as well, but security is the big one for me. Mozilla seems like all the rest in its mobile offering: Look, a slightly new UI! But security as a top-tier feature with the kind of focus that could cause a paradigm shift? Forget it.

    There's no reason for me to adopt FF OS, with few users and available apps, then suffer some ignominious revelation that I paid for yet another swiss cheese device that any sane person should be afraid to use.

    I think the only unique angle they had with FF OS was that the "platform" was simply web server meets browser. IOW, more mainframe-oriented than even iOS and Android. No, thanks; I'm not looking for a fancy terminal.

  13. Re:Altering the GHG balance of the atmosphere on Paris Climate Change Talks Yield First Draft (theguardian.com) · · Score: 1

    Evidence distinguishes between hypotheses. You have not presented evidence. For example, there's no evidence to support the assertion that current rates of change are faster than they were during actual extinction events. Second, there is a conflation of rate of change with amount of change.

    This looks like a wall of denial to me, and a complete inability to reference anything credible. In the context of science as a social process, that indicates failure.

    As for the rate of change, our emissions are actually outstripping what occurred before past extinction events. During the PETM, the rate of CO2 buildup was 2B metric tons per year while today it is 30B metric tons per year.

    There is no "do nothing" option.

    When doing something is worse than doing nothing, then there is such an option.

    What you call "do nothing" is in fact doing something. It means we as a species are polluting the environment, changing it for the worse. That is doing something, although it may not seem that way from your viewpoint as an entitled consumer.

    We have the choice of continuing current biosphere-damaging industrial processes (the real extreme here) or switching to processes that stay within ecological limits that the biosphere is able to handle.

    You ignore here that the primary biosphere-damaging process is population growth. This is driven primarily by poverty. From the variety of poorly executed climate mitigation schemes that have already taken place, there seems to me to be a strong indication that we will see poverty increase with any of the desired hardcore climate change options, and that in turn will result in an increase in population and in climate change.

    Population has a lot to do with it, but cannot be singled-out. Fossil fuel use and industrialization in the West led to a population boom first in the West (along with a boom in emissions per capita) and then elsewhere. But widespread female education and careerism, for instance, can curtail or stop population growth (and increase wealth and environmental health) IF the supporting industrial processes are cleaned up. We are facing systemic failure with multiple reinforcing factors and there are many different aspects to mitigating it.

  14. Re:Altering the GHG balance of the atmosphere on Paris Climate Change Talks Yield First Draft (theguardian.com) · · Score: 1

    Yes, there is growing evidence. If the oceans became anoxic in past global warming extinction events, then it stands to reason that anoxia is a risk in the anthropocene.

    And that temperature risk is on top of the acidification risk which is already being felt.

    http://thinkprogress.org/clima...
    http://news.mit.edu/2015/ocean...

    You have to be in deep denial to think the oceanic (or land-based) food chain "seems just fine". It is anything but.

    There is no "do nothing" option. We have the choice of continuing current biosphere-damaging industrial processes (the real extreme here) or switching to processes that stay within ecological limits that the biosphere is able to handle.

  15. Altering the GHG balance of the atmosphere on Paris Climate Change Talks Yield First Draft (theguardian.com) · · Score: 1

    ...has not been shown to be safe. So the burden of proof is on those who lean towards doing "nothing" (keep polluting).

    The base of the oceanic food chain is at risk of shutting down, due to both acidification from CO2 and warming. That is serious Sh!t.

    Preaching the gospel of unintended consequences in the market isn't very convincing when steadfastly trying to ignore the unintended consequences on our entire physical existence -- like money is more important than the biosphere.

  16. Please vote this UP! on Zuckerberg To Give Away 99% of His Facebook Stock (bloomberg.com) · · Score: 0

    Very interesting... and probable.

  17. Re:Sounds like a psycopath. on Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks (thehill.com) · · Score: 1

    Fear not, the Clintons have made 'getting in on the act' their career. Bill Clinton picked up the neocon script back in 1998, stating that Iraq had WMD and Saddam had to be deposed: https://www.youtube.com/watch?...

    Some reading about Hillary's favorite neocons (having become one herself):

    http://www.nytimes.com/2014/07...
    http://www.nytimes.com/2014/06...
    https://consortiumnews.com/201...

  18. Re:To Slashdot Resident Statists... on File Says NSA Found Way To Replace Email Program (nytimes.com) · · Score: 4, Insightful

    At the altar of sacrosanct police and military spending you'll find the most anti-welfare-state, anti-public-infrastructure activists imaginable. And notice that it's *private* services that always seem to be on the cutting edge of expanding surveillance in this country.

    Police states form when the political class feels that police and military are the first and last resort to peace and prosperity. And they may resort to impoverishing the public to keep those police and soldiers well staffed and well fed.

  19. Re:GM producers are shooting themselves in the foo on FDA Signs Off On Genetically Modified Salmon Without Labeling (consumerist.com) · · Score: 1

    That's what I never understood about GMO claims of sterility (terminator gene, etc)... How can they be certain their genes breed true 100% of the time? Individual organisms undergo natural mutations /even/ if they are produced by a genetic engineering process.

  20. Re:Agree on Mozilla Plans To Remove Support For Firefox Complete Themes · · Score: 4, Insightful

    FF still ignores OS themes, making their special "complete themes" necessary for many people. And I do mean "necessary"...

    I like to read at night without having to turn display brightness to nearly zero (which is still too bright and makes everything look like dishwater). Even if I use an extension like BYM to darken web pages, I still have the FF GUI blaring at my eyes. The solution is to use an addon like DeepDark to tame the UI.

    Now I'll have a browser that neither honors my Gnome dark theme setting, nor honors its own custom dark theme. THAT is a clusterf*ck.

  21. Curiously on Fast Broadband To Be Classed a Fundamental Right in the UK (bbc.com) · · Score: 4, Insightful

    No right to privacy, eh? If you're building a police state, it makes for a convenient combination of priorities.

    For that matter, why not make free speech a fundamental right? Or has Cameron forgotten he's in the UK?

  22. Re:Security as a trade-off on Linus's Thoughts on Linux Security (washingtonpost.com) · · Score: 1

    See my other response here.

    TL;DR... Sorry, Xen has far, far fewer major vulns than Linux and I was being generous in the linked comparison. Type-1 hypervisors are firmly entrenched in security culture. They are one of the few things that actually work.

    As for OpenBSD, too many of its vulns are marked as partially fixed. No thanks. The user base is still minuscule and coasting on a kind of security by obscurity. Plus, there are now L4 distros that are about as functional.

    The 'point' about x86 is disingenuous. I don't see you suggesting different hardware......

  23. Re:Security as a trade-off on Linus's Thoughts on Linux Security (washingtonpost.com) · · Score: 1

    I'd disagree on most points. Although 3D is a challenge for the Qubes project, it is possible to securely use it... if you dedicate a second video card to a VM. Fully integrated (properly virtualized) 3D is in development. Anyway, who uses OpenBSD for 3D apps??

    Qubes does not use temporary home dirs by default (unless you're using a disposable VM).

    Readonly-ness of apps/configs is a feature of Qubes' template-based VMs. If you don't want that, then create standalone VMs. It's your choice.

  24. Re:Why safety "alone" is productive: on Linus's Thoughts on Linux Security (washingtonpost.com) · · Score: 1

    LOL... Those are bad examples. The first is virtualbox, a type-2 hypervisor. The second one might be exploitable once in a blue moon (generally, the attacker will gain a little info outside any VMs). The third one was from a floppy driver that one gets when installing the full-fat qemu inside dom0 (which seems pointless) -- it also didn't affect Qubes or AWS.

    The CVE-2015-7835 which just occurred is a good example of a Xen vulnerability. Still, quantity and severity matter. Linux has racked up 3X the number of CVEs over 5.0 so far this year, compared to Xen. And of those, Xen had zero with a score of 8.0 or higher -- while Linux had a staggering six. Xen has had only two of these (both 8.3) ever, so looking back to Jan. 2015 is being very, very kind to Linux.

    I think what the CVE charts are showing is an inherent mitigation effect due to structural features of type-1 hypervisor.

  25. Re:Security isn't a product on Linus's Thoughts on Linux Security (washingtonpost.com) · · Score: 1

    I sleep much better knowing Xen is 1/10th the size of OpenBSD's kernel (which is still monolithic like Linux). The bolt-on-security-afterward mindset has led to one very positive trend: Running Linux instances under type-1 hypervisors.

    Think about how much of the Web (indeed, the world) runs under Amazon AWS/EC2. That is Xen.

    Linux mostly provides features, and while Torvalds has not fully woken-up to this fact, the software ecosystem has and it is providing a better form of security-correctness than the BSDs can.