On Sunday, January 27, 2019 at 12:22:03 PM UTC-5, unman wrote:
> [snip]
> Qubes provides a framework for using software - it doesn't take away the
> onus on users to use that software properly, and to ensure they are aware
> of good practice. (As an aside I'm always baffled by people querying
> how they can use Facebook under Tor or Whonix. What are they thinking?)
> I regularly audit templates with tripwire, running from an
> offline OpenBSD qube, and do standards checks with debsums. I do a good
> deal of my work offline in OpenBSD and then transfer encrypted in to
> other qubes for transmission. That seems like overkill, and isn't for
> everyone: it might be for you.
>
> unman

I think this is the most important thing you wrote. I used to do network security for a small scientific government network back in the 1990s, and I constantly ran into the problem that there is an inverse relationship between security and usability. The scientists on my network were constantly finding ways of going around whatever security measures I put in place precisely because they didn't want to deal with the "hassle."

But I'm no different, really. Not too many years ago, I routinely disabled SELinux when I installed a new OS simply because I considered it too much of a hassle to learn how to use it effectively. It made it difficult for me to do stuff. Everybody yelled at me, but it just wasn't worth the effort to me. Now, I've learned it a bit and it's not such a hassle.

There's this balance between the inconvenience/damage associated with an intrusion versus the inconvenience associated with the security configuration. For me on the computer I'm using as I write this, it wouldn't be the end of the world if *everything* on my computer were owned by someone else. It would be a hassle, but not fatal -- I have insurance, etc. for the financial information I have here, and I don't really care if someone sees the email conversations I have on this machine.

So, considering the financial stuff, for instance. There's a hassle with someone getting my credit card information. It's happened (though not because of a computer glitch). My card gets frozen, I can't use it for a week or two, I have to make a bunch of phone calls, etc. But I'm financially protected and eventually I'll be fine. The problem is the hassle factor, not financial ruin.

My biggest security concern is someone using up all my bandwidth; I live in a rural area and have metered service. Someone using up 5 gigs of bandwidth is more concerning to me than them owning 5 gigs of data from my machine.

So, I have to ask myself, which is more hassle -- dealing with the intrusion, or dealing with the security hassle? It's my responsibility to determine where that balance is, and nobody else's. And it's likely different for everybody.

For instance, I used to have a blog, but I'm a litigation consultant and I started seeing my blog posts turning up in court. So I don't blog any more. I can't be on Facebook, or LinkedIn, or Doximity, or ResearchGate. That's not a problem for me, but it would drive my wife crazy. I use one laptop for some stuff, and I use a different laptop, differently configured, for other stuff.

And, the higher up the food chain you go with respect to people interested in surveilling you, the less chance you have of keeping them out. I'm out of the business now, but back in the day I occasionally did some classified work. I remember some years ago, I called a friend of mine who worked for the government. I called him using the work phone of an acquaintance to ask him a technical question. He picked up the phone and immediately said "Hey, Bill, how you doing?" I was stunned. I asked him how the hell he knew it was me. He said "Bill, I'm with the <government agency>. We always know where you are."

I have another friend who spent his early career working for a government contractor. His job was to break into people's houses at night and install keyloggers on their computers. With a subpoena, of course. All the security software in the world won't help you with that.

The key, for me, is to achieve the maximum security that I can achieve and stay below my maximum hassle tolerance. Qubes is nice because it adds a big uptick in transparent security with only a small uptick in hassle -- at least for someone who is fairly conversant with sysadmin stuff. So for me it's a big win. But it's not all there is. There's no such thing as perfect security.
There's only finding the balance between one's perceived risk, one's actual vulnerability, and one's tolerance for hassle.

And any security configuration is self-defeating if:

1) People take it for granted and think that it's all they have to think about, and/or
2) It's enough of a hassle that you start going around it to do your work.

billo