Re: [qubes-users] Qubes for "dummies"
On Tuesday, 28 November 2017 18:33:37 CET Foppe de Haan wrote: > Bottom line IMO these days security can't be done by a layman, Security as a concept is not that black / white, there is no 100% security and likewise I fail to see how "laymen" can't increase their security. As a quick example, in Windows you can download an exe and start it with zero technical knowledge. In Linux a downloaded executable can't be started without the user explicitly marking it "executable". Guiding people into doing the right thing can be done. As long as you don't aim for perfect security (which honestly doesn't exist anyway), you can help people increase their security significantly. In my humble opinion, this is already happening in Qubes. The NetVM is a good example of a standard setup that has become completely transparant to users while isolating them from bad drivers causing security issues for many other linux users. The people that need this most are those that don't have the technical know- how, exactly because they don't understand how opening an executable or PDF from the net can cause any harm. The point I'm trying to make is that those people can already use this software today, but many of the more fun features are impossible to them because they have not been made easy. I'd also like to mention that all things require time to learn, I'd like to set up some firewall rules to let different VMs communicate between themselves. But lacking a nice GUI I have to figure out how to do this at the command line, and I honestly just don't have the time to learn that right now. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1799306.mAIeOnHVnd%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes for "dummies"
On 11/28/2017 11:30 AM, 'Tom Zander' via qubes-users wrote: On Tuesday, 28 November 2017 03:38:02 CET Andrew David Wong wrote: Our position is that reasonable security via compartmentalization (of which Qubes is an implementation) requires the user to make informed decisions about how to compartmentalize various parts of their digital life into separate domains. I fully agree with genevieve on all he said, and I'm not sure if the answer I quoted above is a good answer to his worries. Lets avoid making conclusions about "dummies", I personally would say a lot of people can make a much more secure setup using Qubes even if they are completely inable to use a command line. Bottom line IMO these days security can't be done by a layman, you NEED to be at least a power-user to avoid pain of "it is broken and I can't fix it". I believe a computer user from 30 years ago would have an easier time than today's user simply due to them being used to using a CLI. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d6cd0da1-3162-a73f-a2ec-bcf7e9a15731%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes for "dummies"
On Tuesday, 28 November 2017 03:38:02 CET Andrew David Wong wrote: > Our position is that reasonable security > via compartmentalization (of which Qubes is an implementation) requires > the user to make informed decisions about how to compartmentalize > various parts of their digital life into separate domains. I fully agree with genevieve on all he said, and I'm not sure if the answer I quoted above is a good answer to his worries. Lets avoid making conclusions about "dummies", I personally would say a lot of people can make a much more secure setup using Qubes even if they are completely inable to use a command line. The trick is to not treat your users like morons but at the same time create usable and well designed (graphical) tools. What is missing currently is support for anything that is not xfce and while genevieve prefers Gnome, I perfer KDE. The GUI tools that Qubes came with in 3.2 are hardly done (many missing features) in 4.0, and thats Ok because they can be done at a later time. Writing usability centric tools is hard. What would be ideal is the opening of the APIs for 3rd party implementation. Naturally, there is an API, but its a python API, which is not exactly the most used API for graphical tools. I would argue that opening up the qubesd interface to users using other languages will open up the playing field to many GUI developers. Maybe even get some KDE / Gnome native integration. I won't speak for the core Qubes devs, but I would not be surprised if they would welcome others helping out with GUI tools because if you are good at security and Xen and stuff, that doesn't mean you enjoy doing GUIs. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21030661.7mqzxMQjci%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes for "dummies"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-11-27 11:44, genevieve.c.gauth...@gmail.com wrote: > Hi, I did not know about your OS. I think this project is awesome. I do not > have the computer knowledge some of you specialist of your field have. I am > writing this message to try to contribute in my own way. > Thanks! > First, I have also watched "Youtube :Golem and Friends: Data, Security, > Scaling and More..." (very interesting too and I am learning more...) > > The first part the presenter (I understand she is a major contributor to > Qubes) Not just any contributor, but the founder and architect! :) > says "I would not recommended using a windows OS - internet browsing" this > person as superior knowledge... > > My point of view is this : This lady (and probably all of you even reading my > post) are (would be) one of the most secure windows user(s) on this planet ! > > Regarding to your future project, I am writing this to also tell you about my > concerns that people who would NEED you the most, logically, would be the > user with LESSER/ALMOST NO computer skills ...! > > I have a MintLinux server at home (force to use this because of my limited > > knowledge and the "obnoxious" graphic card chipset of the old laptop that I > > transformed for my project. (Home network : I have windows clients (for > > gamers), macOS client & now a new fedora-based client that I wanted to be a > > Qubes client but ...(2nd topic)) So, if I were to install Qubes on many > > system, my first choice would be to install it on my friends and family > > members who do not have a clue what goes on at anything lower "than > > runlevel 5" (to be more accurate they know what they are seeing and that's > > almost it and nothing about what goes on "beyond the scene" as far as > > computers go) > > 2nd topic : My experience 48h experience with Qubes 3 + another 48h on Qubes > 4.0 rc2 on my personal laptop. First, I notice the Qubes manager went away. > Not a problem because I was able to master the command-line qvm-backup easily > (without knowing everything)) (but using a terminal is now consider "above > average" skills by definition) In fact, I had chosen Qubes for this laptop > (the hardware had the capacity to handle the OS as far as virtualisation is > concerned) and it seems perfect to read online and work on it. I felt my data > (my own little projects) would be more secured. > > Logic for dummies .. > => Logic : new laptop have touchscreen ... > => Logic : Qubes designer chose not to support gnome => I understand it > perfectly*. However, considering, in the future most user will have > touchscreen, they will want the OS/software to be able use the hardware > capacity they paid for (I think this is logical). The user who would need > your work the most will not be able to add touchscreen support to xfce-based > Qubes (if it's not included) I know that I was not able to do this myself at > first. (is it possible?) I loved your fedora-based system (dnf as opposed to > apt-get is not too difficult to adapt too) Therefore I decided to switch my > client to the new fedora workstation gnome-shell. I do not think supporting > gnome (with all the implication that this have about reviewing internal > security/reviewing codes => major hrs and, perhaps, many coffees for everyone > is "The Must Way to go" (I do not even think myself there should be any Must > Way/One Way. Users should be as free as they can) > > However, from a user (human) perspective, I needed to read about Qubes. I > wanted to read about your project. I used to be a able to use my touchscreen > to read faster... and gosh I have needed to read a lot the past for days! > Now, I am reading your documentation on fedora (with touchscreen support) and > this is much easier for me. I which I could reinstall Qubes (xfce /w > touchscreen support like my fedora 27 workstation) in 2018 :-) At this > point, I have switched to federa also because Qubes 4 had a nasty bug(s) > involving not only the nm-applet but the whole sys-firewall vm /sys-net vm... > Dummy perspective : One time, the nm-applet went away I could not start the > sys-firewall either (&sys-net , Error starting VM: Cannot exeCute > qrexec-daemon! in terminal :S ) Then after rebooting two times, my sys-net & > sys-firewall were "fine" .. Those problems are completely beyond my current > skills .. I switched to fedora 27 but I will continue to closely follow your > project/Qubes OS on facebook and read more about this project. > > If this help someone ... I think you are doing great work (users and > developers) and please keep in mind those who would need you (your skills) > the most are not even people like myself but users far more vulnerable (even > less knowledge)... I understand this from my own field that sometime people > with superior skills take for granted (as do I) some of "our" knowledge and > tend
[qubes-users] Qubes for "dummies"
Hi, I did not know about your OS. I think this project is awesome. I do not have the computer knowledge some of you specialist of your field have. I am writing this message to try to contribute in my own way. First, I have also watched "Youtube :Golem and Friends: Data, Security, Scaling and More..." (very interesting too and I am learning more...) The first part the presenter (I understand she is a major contributor to Qubes) says "I would not recommended using a windows OS - internet browsing" this person as superior knowledge... My point of view is this : This lady (and probably all of you even reading my post) are (would be) one of the most secure windows user(s) on this planet ! Regarding to your future project, I am writing this to also tell you about my concerns that people who would NEED you the most, logically, would be the user with LESSER/ALMOST NO computer skills ...! I have a MintLinux server at home (force to use this because of my limited knowledge and the "obnoxious" graphic card chipset of the old laptop that I transformed for my project. (Home network : I have windows clients (for gamers), macOS client & now a new fedora-based client that I wanted to be a Qubes client but ...(2nd topic)) So, if I were to install Qubes on many system, my first choice would be to install it on my friends and family members who do not have a clue what goes on at anything lower "than runlevel 5" (to be more accurate they know what they are seeing and that's almost it and nothing about what goes on "beyond the scene" as far as computers go) 2nd topic : My experience 48h experience with Qubes 3 + another 48h on Qubes 4.0 rc2 on my personal laptop. First, I notice the Qubes manager went away. Not a problem because I was able to master the command-line qvm-backup easily (without knowing everything)) (but using a terminal is now consider "above average" skills by definition) In fact, I had chosen Qubes for this laptop (the hardware had the capacity to handle the OS as far as virtualisation is concerned) and it seems perfect to read online and work on it. I felt my data (my own little projects) would be more secured. Logic for dummies .. => Logic : new laptop have touchscreen ... => Logic : Qubes designer chose not to support gnome => I understand it perfectly*. However, considering, in the future most user will have touchscreen, they will want the OS/software to be able use the hardware capacity they paid for (I think this is logical). The user who would need your work the most will not be able to add touchscreen support to xfce-based Qubes (if it's not included) I know that I was not able to do this myself at first. (is it possible?) I loved your fedora-based system (dnf as opposed to apt-get is not too difficult to adapt too) Therefore I decided to switch my client to the new fedora workstation gnome-shell. I do not think supporting gnome (with all the implication that this have about reviewing internal security/reviewing codes => major hrs and, perhaps, many coffees for everyone is "The Must Way to go" (I do not even think myself there should be any Must Way/One Way. Users should be as free as they can) However, from a user (human) perspective, I needed to read about Qubes. I wanted to read about your project. I used to be a able to use my touchscreen to read faster... and gosh I have needed to read a lot the past for days! Now, I am reading your documentation on fedora (with touchscreen support) and this is much easier for me. I which I could reinstall Qubes (xfce /w touchscreen support like my fedora 27 workstation) in 2018 :-) At this point, I have switched to federa also because Qubes 4 had a nasty bug(s) involving not only the nm-applet but the whole sys-firewall vm /sys-net vm... Dummy perspective : One time, the nm-applet went away I could not start the sys-firewall either (&sys-net , Error starting VM: Cannot exeCute qrexec-daemon! in terminal :S ) Then after rebooting two times, my sys-net & sys-firewall were "fine" .. Those problems are completely beyond my current skills .. I switched to fedora 27 but I will continue to closely follow your project/Qubes OS on facebook and read more about this project. If this help someone ... I think you are doing great work (users and developers) and please keep in mind those who would need you (your skills) the most are not even people like myself but users far more vulnerable (even less knowledge)... I understand this from my own field that sometime people with superior skills take for granted (as do I) some of "our" knowledge and tend to forget "obvious" is not the same "obvious" for all users. P-S I have seen Qubes 4.0 rc3 today (I stop with Qubes 4.0 rc2) it will be tempting for me in the future to see if you have solved those strange networking problems (rc2) occurring on my laptop ... Furthermore, I am thinking to create usb keys with Qubes for my family members for xm