Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Virtualization Security Technology Linux

Xen-Based Secure OS Qubes Hits 1.0 175

Orome1 writes "Joanna Rutkowska, CEO of Invisible Things Lab, today released version 1.0 of Qubes, a stable and reasonably secure desktop OS. It is the most secure option among the existing desktop operating systems — even more secure than Apple's iOS, which puts each application into its own sandbox and does not count on the user to make security decisions. Qubes will offer users the option of using disposable virtual machines for executing tasks they believe could harm their computer. These VMs will be lightweight, easily and extremely speedily created and booted, and would be just as easy to discard." First covered back in 2010. See some screenshots of the X11 part in action (and they say displaying clients from multiple "hosts" isn't useful...)
This discussion has been archived. No new comments can be posted.

Xen-Based Secure OS Qubes Hits 1.0

Comments Filter:
  • by R_Growler ( 84235 ) on Monday September 03, 2012 @06:07PM (#41217265)

    Because the first thing I see is:
    Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

    Oh goodie...

    Think I'll go with this one ;) : ... or you might try to download the ISO via bit torrent:

    • by 0123456 ( 636235 ) on Monday September 03, 2012 @06:29PM (#41217443)

      Because the first thing I see is:
      Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

      Real men use wget. Or telnet.

      • Because the first thing I see is:
        Note: Be sure that you use a modern, non-handicapped browser to access the links below (e.g. disable the NoScript and the likes extensions that try to turn your Web Browser essentially into the 90's Mosaic).

        Real men use wget. Or telnet.

        Definitely telnet. It's the most secure.

        • Definitely telnet. It's the most secure.

          Putty Putty Putty

          Green Green Putty

          I found in my armpitty

          One midsummers morning

      • Real men use wget. Or telnet [google.com].

        TFTFY

      • by mattr ( 78516 )

        Real me use curl. Or ssh.
        updated that for you

    • by fm6 ( 162816 ) on Monday September 03, 2012 @07:41PM (#41218021) Homepage Journal

      I haven't visited the Qubes web site, But the fact that No'Script breaks it is not a big issue, NoScript breaks half the sites on the web. NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to — after multiple warning from NoScript as to how dangerous it is.

      If you think this is a sane approach to security, you should consider abandoning graphical browsers altogether. I think Lynx is still being maintained.

      • by 0123456 ( 636235 )

        NoScript breaks half the sites on the web.

        No, it doesn't. But thanks for playing.

      • by Black LED ( 1957016 ) on Monday September 03, 2012 @08:02PM (#41218199)
        If your site breaks because the client doesn't have JavaScript enabled, then you are doing it wrong. The site should gracefully degrade so that anyone can use it.
        • Re: (Score:3, Interesting)

          by smash ( 1351 )
          should, yes. most of the web does not.
          • Re: (Score:3, Insightful)

            by forkazoo ( 138186 )

            should, yes. most of the web does not.

            Thankfully, most of the web that does not, isn't useful. Seriously, after adding necessary exceptions for a few days, the overwhelming majority of the web that I care about works just fine with NoScript installed. Most of what doesn't work is stupid, and the vanishingly small remainder is easy enough to whitelist with a click or two. Anything that requires clicking through whitelisting 37 domains to make it work properly, usually just turns out to be an adcrap laden

        • by Seahawk ( 70898 )

          Isn't that like saying: "Your application shouldn't break because a windowing system isn't available, but instead fall back to curses"?

          Sometimes, IMHO, it's just not worth it to have a non-js enabled fallback.

          • I would say it's more akin to someone sending you an HTML formatted email without an option for a plain text version.
      • NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to — after multiple warning from NoScript as to how dangerous it is.

        Given the number of security holes in JavaScript implementations and the lack of adequate sandboxing in modern browsers, that's not too much of a stretch. Even if you trust the site, do you trust the guy who paid $10 to put an advert on it?

        • by Lennie ( 16154 )

          Really how many Javascript security holes have their been the last 10 years ?

          In 99 of the 100 cases it was the Java or Acrobat Reader plugin which was the real problem. They just use Javascript to deliver it, but didn't have to.

          • There have been no JavaScript security holes. There have, however, been a number of security holes in V8, in SpiderMonkey, etc. Just look up the numbers yourself if you're interested. The exact number depends on whether you are limited just to the JavaScript JIT, or if you include the DOM and related components.
            • by Lennie ( 16154 )

              Yes, I know that. I'm just saying it is a much smaller problem than the plugins.

              Especially with rapid release like Chrome and Firefox use to keep your browser up to date.

      • by Hatta ( 162192 )

        NoScript assumes that all scripting is evil and that you should never allow it unless you absolutely have to

        Is that not actually the case? The fact that NoScript breaks half the sites on the web is a problem with the web, not a problem with NoScript.

    • by sjames ( 1099 )

      I have no idea why it says that, the links appear to work fine with noscript in full force.

  • by WD ( 96061 ) on Monday September 03, 2012 @06:21PM (#41217373)

    Apparently Qubes can't be installed in VMware Fusion. This occurs with both the default boot mode and the "failsafe" VESA mode. I supposed that does indeed make it the most secure operating system possible.

    • by cpghost ( 719344 )
      Let me guess (correct me if I'm wrong: I didn't check out Qubes yet...): Qubes may be something like a Dom0 platform with its own hypervisor, and isn't supposed to run in DomU environments, i.e. in yet another virtual machine. Try it on the bare metal, and it may work. Joanna Rutkowska is a well-known master in Hypervisor-related "black magic." I wouldn't expect anything less than a hypervisor-based OS (or Meta-OS?) from her. And this means always that it MUST run on the bare metal.
      • by WD ( 96061 )

        Possibly. In this case, however, it failed due to not having video drivers. It appears to require an Intel GPU. (or nVidia with some trickery)

  • by EGSonikku ( 519478 ) <petersen.mobile@gmail. c o m> on Monday September 03, 2012 @06:24PM (#41217407)

    Would just like to point out iOS does in fact give user control over Privacy:

    https://p.twimg.com/Avd_bj2CEAAokCD.jpg [twimg.com]

    The same pop-up occurs when an application wants to access your photo's, location, etc.

    And you can also set up Provacy controls for apps in Settings:

    http://i.imgur.com/LvImi.jpg [imgur.com]

    • Would just like to point out iOS does in fact give user control over Privacy:

      Is there a way to use iOS without iTunes, because iTunes does, by default, require personal information. Is there a way to set up iTunes and purchase apps for iOS without giving up any personal information?

      If not, then aren't those "privacy" setting in iOS a little like closing the barn door after your mule has been kidnapped and gang-raped by a biker gang and sold into white slavery?

      • No. iOS devices are shipped in a locked state, and revert to locked when the erase feature is used. They can only be unlocked by connecting them to a computer running iTunes, and associating to it. I don't know if you need an iTunes account too, or just the software installed. The latter won't get you apps (Baring jailbreak) but you can at least put music and media on.
        • Older iOS devices. The iPhone 4S, and the new iPad don't require a connection to iTunes at all for activation. You can take it right out of the box and turn it on and be on your merry way.

          • You can take it right out of the box and turn it on and be on your merry way.

            Unless you want to run an app on it.

            • Then, as I said, you make an account as John Smith and make up an address and use gift cards or throw away credit cards. I mean, you can't blame Apple that purchasing things requires money. That's hardly an issue with iOS.

              • I mean, you can't blame Apple that purchasing things requires money.

                Not just money, but traceable, personally identifiable money.

                If Apple cared about anyone's privacy, they would accept PayPal payments.

      • How do you intend to purchase apps without giving Apple your address and a method of payment? You could just use free apps, or use Apple gift cards for making purchases, and provide a fake name and address.

        At least as of the iPhone 4S, and 3rd Gen iPad you aren't required to plug into a computer or use iTunes to activate. All setup is now done on device.

        • How do you intend to purchase apps without giving Apple your address and a method of payment? You could just use free apps, or use Apple gift cards for making purchases, and provide a fake name and address.

          At least as of the iPhone 4S, and 3rd Gen iPad you aren't required to plug into a computer or use iTunes to activate. All setup is now done on device.

          That's true of any device running iOS 5 or later.

          • That's true of any device running iOS 5 or later.

            It's also true that if you happen to want to actually use your iOS device by running an app on it, you've got to give up that personal information.

            • by Mista2 ( 1093071 )

              Or you can lie.
              Just like the personal security questions, I lie to them too.
              Many services i use think I live at 1 Infinite Loop, including Apple 8)

        • How do you intend to purchase apps without giving Apple your address and a method of payment?

          That's my point. There are methods of paying without giving personal information. Paypal comes to mind. Apple won't allow those.

          That's why any "privacy" setting in iOS is just marketing BS.

        • Who should be interested in who I am? Apple or the credit card processor?

          I should only enter the CREDIT CARD personal details on the page of the credit card processor, and leave no trace on the pc itself, no reason for it.

      • Re: (Score:3, Interesting)

        by jbolden ( 176878 )

        Is there a way to use iOS without iTunes, because iTunes does, by default, require personal information. Is there a way to set up iTunes and purchase apps for iOS without giving up any personal information?

        Unless you are on an enterprise account there is no tracking between accounts and what you buy. The only company with that information is Apple and Apple doesn't sell data. Its sort of like worrying about privacy from the bank that's running your credit cards.

        • The only company with that information is Apple and Apple doesn't sell data. Its sort of like worrying about privacy from the bank that's running your credit cards.

          And when Apple is regulated the way banks are supposed to be regulated, I'll be OK with that.

          • by jbolden ( 176878 )

            I think Paypal and iTunes are broad enough that they should fall under banking laws. The FDIC so far is of the opinion that if you don't hold customer money you don't need to be chartered like a bank.

            • Paypal certainly "holds customer money".

              My account balance, as of 5:10pm CST, was about the same size as my personal checking account.

              My small business' PayPal accounts often holds as much or more than the business checking.

    • Would just like to point out iOS does in fact give user control over Privacy

      Apple uses a different definition of privacy than other people do; they define it as "giving information to anyone other than us." So your data is private, as long as you don't mind Apple having all of it.

      • Apple's own apps have the same pop ups, and though you are asked for your name and address to create an AppStore account, nothing stops you from providing a fake name and address, or using Apple Gift Cards or throw away credit cards for purchases.

  • by TummyBanana ( 2721845 ) on Monday September 03, 2012 @06:35PM (#41217487)
    Blimey, have you checked her out? She has is now my third favourite woman (after my mother and the Queen).
    • Re:What a specimen (Score:4, Insightful)

      by spasm ( 79260 ) on Monday September 03, 2012 @08:11PM (#41218261) Homepage

      And people wonder why women avoid IT..

      • Re: (Score:3, Insightful)

        Yes. It is a well known fact that women hate it when guys think they are hot.
        • Don't feed the butthurt feminist trolls...

          • Don't be a mysoginist douche.

            • Ah, "misogynist," (note spelling) another word that has lost pretty much all meaning save to serve as a shibboleth within the ranks of the True Believers, thanks to overuse. How lovely.

              Protip, white knight: There's a difference between hating women and not buying into feminist bullshit.

              • There's a difference between "not buying into feminist bullshit" and being a misogynist douche.

                Protip: excessive use of "protip" also makes you sound like a regular douche.

        • There's a difference between "Telling a woman that she looks good/hot/awesome" and "being a total jerk".
      • Re: (Score:2, Insightful)

        I don't see anything in the comment you replied to that indicates poster meant she was attractive or was in any way objectifying or sexist.

        In fact quite the opposite when you read who is other two top females are, his mom and the Queen, women he presumably respects for reasons other than sexist reasons.

        It read to me like he checked out her significant credentials in her chosen field and was very appropriately impressed.

    • by macraig ( 621737 )

      I don't share your particular preferences for (pheno-|geno-|whatever-) type. Competitors - 1. Lucky you!

    • In all seriousness, it is nice to see that a perfectly normal looking woman (ie not "ugly" or "manly" as is often the norm for acceptability into male-dominated circles) is also a brilliant hacker and presumably successful businesswoman. Wait, not nice -- fantastic. Amazing. Wonderful.
  • "even more secure than Apple's iOS"

    Wow ... thats the benchmark is it ?

The opossum is a very sophisticated animal. It doesn't even get up until 5 or 6 PM.

Working...