Part of the SecureDrop Workstation project (currently in a closed-beta pilot phase), SecureDrop Client uses @QubesOS to help journalists safely communicate with sources. General availability is planned later this year!
#ViernesDeEscritorio Llevo unos días utilizando #QubesOS una distribución basada en la seguridad de tus datos, pero no tanto en el anonimato para eso se tendrían que seguir algunas consideraciones extra (claro que puedes hacer que todo corra por Tor), la verdad me parece interesante trabajar todo por máquinas virtuales separadas y lo más “Difícil” fue acostumbrarme que las MV sufren un tipo de amnesia de lo que le instalaste al hacer reboot pero eso se resuelve instalando en las plantillas base
Love that NetworkChuck shows @QubesOS but he really should have demonstrated it on a @tuxedocomputers machine, they are great for it 😍 :qubes: :sexybiggetje: #linux#qubesos
A thing that I would love to get across about unpaid tech work, rolling your own [x], and running only the purest and most secure technical systems, is that if you add up enough factors like:
raising kids;
chronic illness or disability;
caring for sick, disabled, or dying family members;
community service;
a non-technical job
…just for starters, the tech stuff is going to get triaged way down the list. And a lot of those factors are not evenly distributed, demographically!
Oh no, don't want that I beg, our views are not mutually exclusive, you comment on "running only the purest and most secure technical systems"; I speak not of #openBSD, or #QubesOS, but of Debian being used only through a GUI.
I apologise that I conveyed my agreement with you so poorly.
I hope there might be a Third Way that lets people have a little cake, and eat it.
UEFI getting owned by the vendor logo parser code is extremely on brand.
Tons of time and effort put into securing platform stuff and it gets popped anyway because execs want the laptop to show the user a Lenovo logo for 3 seconds on boot even though it's already printed right there on the fucking laptop.
It also shouldn't be able to affect a #QubesOS system that hasn't been entirely pwn'd.
It also vindicates my dislike of most image parsers & codec implementation choices, again, even more damningly than libwebp did.
> The results raise a vexing question: If fuzzers identified so many exploitable vulnerabilities, why hadn’t the developers of the UEFIs (often called IBVs or independent BIOS vendors) and the OEMs selling the devices already used these tools and fixed the underlying bugs?
Because they largely don't give a shit. We've known this for a while now.
Literally none of those bugs would work if they'd written the firmware in strict Ada SPARK like they should've for something as security-critical.
Quelqu'un ici a réussi à transférer ses photos depuis son ordiphone #Android vers une #Debian sous #QubesOS (merci de ne répondre que si vous utilisez ou avez utilisé #QubesOS : il est TRÈS spécifique) ?
Pour le moment, je passe par un poste annexe, et cela me saoule.
*** Edit 06/11 13 h 28 : il semblerait que ce soit toujours un bogue connu non résolu (comme il y a quelques mois).
Voir : https://infosec.exchange/@S1m/111360486002302612
Toute information sourcée & confirmée qui indiquerait que le bogue a été traité est la bienvenue. ***
*** Note 2 : je me refuse à « bricoler » : j'évite de créer des vulnérabilités en utilisant des outils qui ne sont pas faits pour garantir la sécurité. C'est aussi pour cela que QubesOS est précieux et très particulier.
S'il faut bricoler, je continuerai à passer par un autre poste et une clef USB sécurisée. ***
TechPizzaMondays is a weekly social event in Toronto that serves as a place for intellectual curiosity and friendship over shared pizza.
It also serves as a users group for Free and Open tech, including everything Fediverse, Linux , GrapheneOS , QubesOS , XMPP , etc etc etc. If you enjoy technological Freedom, we look forward to meeting you :)
We meet every Monday evening at Victory Cafe at 6pm, and usually go till ~9.
Redid my @purism Librem 14 laptop post #DEFCON so now it has everything isolated again properly and now signal for both of my phone lines. #infosec#cybersecurity#linux#QubesOS
I hate to be that guy, but if you’re asking for help to install #Kali#Linux you’re probably not ready for Kali Linux. Learn to walk before you run. It’s the same thing I tell people with Qubes OS.
@chiefgyk3d#QubesOS isn't bad as long as you've got a brain, compatible hardware, and don't stray too far from their usage guides. It's harder than Windows, but once you grok it it's not a big deal.
I'm already using #emacsql but it's not quite the same as having it built-in (and I also found out about it after I'd already made a bunch of these unixy hacks...).
Particularly, the built-in support is compatible with non-Emacs SQLite use, while emacsql requires keeping Elisp-readable for everything.
I could do it with #Guix, but then that means my configurations aren't portable to those qubes and machines on which I purposely do not put Guix. ANd while I could handle an additional layer of environment variability... I really don't feel like it.
There's still a lot to do. For example, they can't really be used for system appvms, but I've been using a manually built template for a year, and it's been great!
The last few major hardware vulnerabilities all had it as a pretty central part of exploitation.
Is the slight gain in performance worth the #security tradeoff? I don't think so.
For Qubes, it's possible to ensure only threads from the same #Xen VM/trust-domain run collocated on a core, but for more conventional OSes, that's much harder to guarantee.
Yesssss! After fighting with this for a month, my laptop is back running with #qubesos. I highly recommend #novacustom laptops. Great customer service.
@dusnm +1 It provides everything I need as a power user. But it's also extremely intuitive for my not very techy friends to use.
It makes me really sad not to use Gnome anymore because my paranoia makes me freak out when using anything other than #QubesOS and that sadly doesn't properly support Gnome (yet).
But... Everyone just has their own preferences. More than any individual desktop environment or window manager, I like the fact that we can choose :)
I finally got parts in to repair my #ipodclassic for tomorrow's stream. New battery and cases. Hopefully we can get both of the #ipod repaired or at the least get one fully functioning. Also the HDD cable in case that was the issue on the other one, double-sided tape for device repair from my cell phone repair days and you can catch me on #Twitch around 7PM EST tomorrow. We'll do some more #qubesos and #Linux tinkering and #gaming #gamingonlinux#streamer#infosec#cybersecurity#righttorepair
Is it worth overpaying for extra RAM in laptops that cannot be upgraded later? 8GB? 16GB? 32GB? 64GB? 128GB? What are your bare minimum requirements these days?