Em terça-feira, 5 de julho de 2016 05:38:30 UTC-3, Francesco escreveu: > On Tue, Jul 5, 2016 at 2:46 AM, <juri...@gmail.com> wrote: > 1) qubes is a system for security and isolation. But when you install, you > have no encryption options. > > distros thinks that if a user wants some strong crypto thing, they must > research themselves and do all manually. We dont even find nothing about > qubes encryption in docs. That is wrong. First thing we must do > out-of-the-box is to offer strong full disk encryption, like veracrypt ones, > with options, iteractions, etc., and inform the user about that. Even tails > for just a live browser with storage capability does that. Even distros like > PARTED MAGIC for managing partitions now come with veracrypt installed as > default in live-cds. To me, Qubes is neglecting what the user wants to read > and do in encryption aspects. > > > > I usually use mint strong encryption. But even that i must do manually. > Imagine ALL users trying to do this on their own. They wont. i use appendix A > configs from links below, much stronger. > > > > https://community.linuxmint.com/tutorial/view/2026 (bios) > > https://community.linuxmint.com/tutorial/view/2061 (uefi) > > > > 2) Qubes face 2 problems nowadays for engaging new users with real security. > > > > a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for > people that has WINDOWS and GAMES also, a good GPU, and wont waste their > machine on a UNIQUE linux system at least without dual boot. > > > > b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, > network, etc, and people are suspicious amd too. But most consumers are from > nvidia. nvidia now spy on hardware level. Does not matter the system security. > > > > The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high > end computers can use windows for what they need and even play games. Plus, > if you do use nvidia in dom-0, they WILL capture the screen on hardware > level. Nouveau is not working right for a long time. Onboard or gpu 1 for > dom-0 and nvidia or amd high end for windows VM. If the person doesnt have 2 > monitors, it can change the vga adapter from 1 to other to use windows after > starting the vm. that would be perfect. > > > > So we give a finger to nvidia and the drivers problems they cause, and we > isolate their spying inside windows vm, plus eliminating the need for a dual > boot and for everyone not using their gaming gpus. > > > > So, XEN is not good for that? consider passing to KVM. > > > > - To create a real secure isolation OS, it`s primal to ensure best disk > encryption avaliable, with CHOICE for speed/security, eliminate the windows > host multi boot needs, and make good use and usability for windows and gpus. > You will reach that when you direct the efforts to adapting the system for > what the global user WANTS AND NEEDS, and not adapting the user to the system > that 1 person in 1 chair dream for its personal needs. Ubuntu did not follow > this lesson with their unity thing and they paid the price. > > > > > > I fully agree with the idea of respecting user needs, but why do you think > gamers are really interested in strong security? Only because they spend > money for expensive computers? It seems a poor motivation for me. Gamers may > just spend money to play games as fast as possible and with less problems as > possible and any virtualization system lowers the speed and creates problems > for its very nature. Specially using Windows. IMHO gaming and serious > security go in opposite directions because the users are different and there > is no point trying to unify that in a single machine, specially a laptop > which most Qubes users have. It is too difficult or impossible and Qubes > developers resources are limited. > > > 3) Consider offering PFSENSE as optional firewall vm installed out of the > box. It`s very hard and time consuming to do that inside qubes system without > studying all, for managing internal ip structure etc. It is the most perfect > firewall for use inside a VM, qubes is a system for VMs, and i did use it > even inside windows in virtualbox. But i was in WINDOWS, and that means, no > real security at all. > > > > I would like also to give 2 more suggestions for people to considerate, > concerning whonix, since patrick is a developer here: > > > > 4) People need a pop-up window to explain them to NEVER use an existing > normal vm trough the whonix proxy vm, just NEW ONES. Because they have > already fingerprints, identifiers, browser behavior, browser plugins > identification, aplication updates, specially in windows. If they connect > that with once used real wan IP, game over for anonymity. > > > > 5) i will use this post to state that tor behaves differently to connect in > windows tor browser, or linux tor browser, compared to whonix, and i dont > know why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with > speed of 30 to 60 kB/s of downloads, and in tor browser outside whonix, i get > 500 to 1 Mb kB/s downloads. Thats really strange and wasn`t expected. I get > this behavior for almost 2 years, and i dont have the expertize to know why. > after some googling, i saw i am not the only one getting different special > routes in tor using whonix. > > > > Sorry for my bad english, is not my main language, i hope people can > understand what i wrote. And forgive me if i wrote stupid things. > > > > -- > > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users...@googlegroups.com. > > To post to this group, send email to qubes...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/8efb8d91-de6b-4a6d-b215-65bca333a81f%40googlegroups.com. > > For more options, visit https://groups.google.com/d/optout.
Not trying to insult you, but: 1) i never said "gamers are really interested in strong security"; 2) even less "Only because they spend money for expensive computers?" 3) or "how gamers spend money" You seem to have a silogism problem in your mind. That would upset a lot people you try to debate with. You should start to pay a little attention to that. But ok, there are no "gamers flooding to qubes". But what you must understand is that the average user nowadays has games, sometimes in free times they "also"play, there are people that play more, people that play less, i play starcraft like 2 or 3 times a week, i play counter strike once or twice in a month, but remember, average user is NOT a HEAVY GAMER. But most HAVE games, did BUY some games, and did BUY some good GPU in their computer. PERIOD. And they WONT sacrifice dual boot and stop using gpu because of that. I have 300 frames per second with my geforce gtx 960 in best graphics settings in latest counter strike GO. For me would be no problem to sacrifice 10 or 20% of that to stay secure. By the way, in a group conference, 100% of people said if they could use their gpus inside qubes, in a single separated vga output, they would already be there after windows telemetry latest doings. Strike the iron while it`s hot. Qubes is the response to the average user. NOONE SAID that qubes is directed to the heavy gamer only user. Noone but you. Plus, you better remember that: Windows is sending telemetry things even hidden inside normal updates. They send data when you plug your camera on. They capture all keystrokes even of your credit cards and passwords. They communicate even when you tell them not to. If you let your computer alone for 15 min, it will start sending heavy data. The average user will play their LOL or Dota or counter strike with their gpus they did buy but will wanna work with safety. Or need to use windows for some activity. http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/ And you better REMEMBER that if you are a simple TOR OR TAILS user, nsa will deep monitor YOU. What if you turn on QUBES? aaaah, then it`s for SURE: http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance http://www.infoworld.com/article/3012932/linux/the-nsa-might-be-spying-on-tor-users.html http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/ So, when you DOWNLOAD AND INSTALL qubes, you WILL BE on deep monitoring. We are not talking about "GAMERS", dude. But you better learn that HIGH END cpus with good RAM will usually HAVE A GOOD GPU and WINDOWS NEED FOR THE USER. Mix that with a directed deep monitoring NSA attack into qubes users and you WILL have a problem. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6826ebc2-b6ab-4e06-83cd-723d2432f9f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
